Windows 7: Browser leitet ungewollt auf Werbung weiter

cosinus · 17.08.2013, 14:02

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Trestar · 26.08.2013, 15:44

Leider ist das Problem mit dem Redirect aus Google, wie zuerst erhofft, doch nicht behoben. Die Probleme sind wieder / immer noch da. Ich befürchte das jetzt wirklich nur noch eine komplette Neuinstallation hilft.

Hier sind noch die Logs von Malwarebytes Anti-Malware und ESET

Malwarebytes Anti-Malware

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
ggross :: BUERO [Administrator]

26.08.2013 16:31:04
mbam-log-2013-08-26 (16-31-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 254380
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=88b0af04c2307346a46b1a5498b6a66b
# engine=14848
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-21 12:25:11
# local_time=2013-08-21 02:25:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3557419 128717761 0 0
# scanned=511636
# found=0
# cleaned=0
# scan_time=8872

cosinus · 27.08.2013, 08:53

Hm...ich seh da noch Reste vom Spyhunter. Mach mal das hier:

SpyHunter entfernen

Die folgende Datei hilft dir das Programm restlos zu deinstallieren:

Lade dir bitte die folgendes Programm auf deinen Desktop: SpyHunterKiller.exe
Bestätige die Warnung und klicke Weiter.
Berichte, ob du noch Reste von SpyHunter sehen kannst.

Trestar · 05.09.2013, 20:05

Es wurde wohl etwas entfernt. Aber leider ist das Problem noch immer nicht behoben...

Code:

ATTFilter

SpyHunter läuft nicht ...
Dienst läuft nicht: SpyHunter 4 Service
Dienst läuft: esgiguard
Dienst läuft nicht: EsgScanner
SpyHunter lief nicht ...
Dienst läuft nicht: SpyHunter 4 Service
Dienst nicht gestoppt: esgiguard
Dienst gelöscht: esgiguard
Dienst läuft nicht: EsgScanner
Verzeichnis entfernt: C:\Program Files\Enigma Software Group
Bearbeite Registry ...
... fertig.
----
Ende

cosinus · 06.09.2013, 10:59

Adware/Junkware/Toolbars entfernen

adwcleaner und JRT bitte neu runterladen!!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Trestar · 07.09.2013, 21:21

Hier die Logs:

adwCleaner

Code:

ATTFilter

# AdwCleaner v3.003 - Bericht erstellt am 07/09/2013 um 20:43:27
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ggross - BUERO
# Gestartet von : C:\Users\ggross\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Description

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


*************************

AdwCleaner[R0].txt - [955 octets] - [26/08/2013 22:58:09]
AdwCleaner[R1].txt - [888 octets] - [26/08/2013 23:06:19]
AdwCleaner[R2].txt - [1006 octets] - [26/08/2013 23:12:46]
AdwCleaner[R3].txt - [990 octets] - [26/08/2013 23:20:11]
AdwCleaner[R4].txt - [1049 octets] - [26/08/2013 23:24:16]
AdwCleaner[R5].txt - [1193 octets] - [07/09/2013 20:42:00]
AdwCleaner[S0].txt - [974 octets] - [26/08/2013 22:59:23]
AdwCleaner[S1].txt - [948 octets] - [26/08/2013 23:07:28]
AdwCleaner[S2].txt - [957 octets] - [26/08/2013 23:15:51]
AdwCleaner[S3].txt - [1111 octets] - [07/09/2013 20:43:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1171 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Professional x64
Ran by ggross on 07.09.2013 at 21:54:16,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\qtrax



~~~ Files

Successfully deleted: [File] "C:\Users\ggross\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.09.2013 at 22:00:05,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013 03
Ran by ggross (administrator) on BUERO on 07-09-2013 22:04:56
Running from C:\Users\ggross\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(DATEV eG) D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
(AMD) C:\Windows\system32\atieclxx.exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
(DATEV eG) D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(KOBIL Systems GmbH) D:\DATEV\PROGRAMM\B0000404\msdisrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m2727\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(DATEV eG) D:\Datev\PROGRAMM\Install\DvInesASDMon.Exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000398\SiPaHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
() D:\Datev\PROGRAMM\A0000007\DHNC.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
(DATEV eG) D:\Datev\PROGRAMM\Sws\LiMaServer.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(DATEV eG) D:\DATEV\PROGRAMM\DFUEISDN\sslclt\sslclt.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(DATEV eG) D:\DATEV\PROGRAMM\SWS\LiMaService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(DATEV eG) D:\DATEV\SYSTEM\rzpjwtch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [HP LaserJet M2727 MFP Series Fax] - C:\Program Files (x86)\HP\hp LaserJet M2727\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-01-27] (HP)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2007-08-31] ()
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\Datev\PROGRAMM\Install\DvInesASDMon.exe [288352 2012-12-20] (DATEV eG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [SiPaHost] - D:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [551464 2013-01-18] (DATEV eG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> D:\Datev\PROGRAMM\BSOffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> D:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: DATEV-Hinweis Mitteilungsdienst.lnk -> D:\Datev\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
ShortcutTarget: DFÜ-Manager.lnk -> D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
ShortcutTarget: Lizenz-Manager Server.lnk -> D:\Datev\PROGRAMM\Sws\LiMaServer.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> D:\DATEV\SYSTEM\rzpjwtch.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> D:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130815235732.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll (DATEV eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130815235732.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSAScardBHO002.dll (DATEV eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [158304 2012-12-20] (DATEV eG)
R2 DATEV ViwasClientService; D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe [69216 2013-02-05] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2013-04-08] (DATEV eG)
R2 Dcmanag; D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [177760 2012-06-05] (DATEV eG)
R2 DVckService; D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [2653224 2013-01-28] (DATEV eG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
R2 KOBIL_MSDI; D:\DATEV\PROGRAMM\B0000404\msdisrv.exe [192512 2011-03-03] (KOBIL Systems GmbH)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [202376 2012-09-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-09-25] (McAfee, Inc.)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.)
R2 Sicherheitspaket-Dienst; D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-01-18] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2011-04-23] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-12-25] (KOBIL Systems GmbH)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-09-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-09-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-09-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2012-09-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305280 2012-09-25] (McAfee, Inc.)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U0 dmboot; 
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-07 22:00 - 2013-09-07 22:00 - 00000929 _____ C:\Users\ggross\Desktop\JRT.txt
2013-09-07 21:53 - 2013-09-06 05:32 - 01028823 _____ (Thisisu) C:\Users\ggross\Desktop\JRT_NEW.exe
2013-09-07 21:51 - 2013-09-07 21:51 - 00001255 _____ C:\Users\ggross\Desktop\AdwCleaner[S3].txt
2013-09-07 20:41 - 2013-09-07 20:41 - 01037278 _____ C:\Users\ggross\Desktop\adwcleaner.exe
2013-09-05 21:00 - 2013-09-05 21:01 - 00464381 _____ C:\Users\ggross\Desktop\SpyHunterKiller.exe
2013-08-26 22:57 - 2013-09-07 20:43 - 00000000 ____D C:\AdwCleaner
2013-08-26 22:56 - 2013-08-26 22:56 - 00994642 _____ C:\Users\ggross\Downloads\adwcleaner.exe
2013-08-21 11:54 - 2013-08-21 11:54 - 02347384 _____ (ESET) C:\Users\ggross\Downloads\esetsmartinstaller_enu.exe
2013-08-21 11:54 - 2013-08-21 11:54 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-20 17:40 - 2013-08-26 23:15 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Mozilla
2013-08-20 17:38 - 2013-08-20 17:38 - 00282008 _____ (Mozilla) C:\Users\ggross\Downloads\Firefox Setup Stub 23.0.1.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Malwarebytes
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-20 12:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-16 16:00 - 2013-08-16 16:00 - 00000000 ____D C:\Users\ggross\AppData\Roaming\TeamViewer
2013-08-16 15:02 - 2013-08-16 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-16 14:55 - 2013-08-16 14:55 - 00000851 _____ C:\Users\ggross\Desktop\AdwCleaner[S2].txt
2013-08-16 14:44 - 2013-08-16 14:44 - 00000851 _____ C:\AdwCleaner[S2].txt
2013-08-16 12:48 - 2013-08-16 12:48 - 00001164 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-08-16 12:46 - 2013-08-16 12:46 - 05536272 _____ (TeamViewer GmbH) C:\Users\ggross\Downloads\TeamViewer_Setup_de.exe
2013-08-16 09:50 - 2013-08-16 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-16 09:48 - 2013-08-16 12:13 - 00000000 ____D C:\Users\ggross\Desktop\mbar
2013-08-16 09:48 - 2013-08-16 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 09:47 - 2013-08-16 09:47 - 12081912 _____ (Malwarebytes Corp.) C:\Users\ggross\Desktop\mbar-1.06.1.1005.exe
2013-08-15 23:47 - 2013-08-15 23:47 - 00022557 _____ C:\Users\ggross\Desktop\ComboFix.txt
2013-08-15 23:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-15 23:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-15 23:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-15 23:29 - 2013-08-15 23:47 - 00000000 ____D C:\Qoobox
2013-08-15 23:29 - 2013-08-15 23:44 - 00000000 ____D C:\Windows\erdnt
2013-08-15 23:25 - 2013-08-15 23:26 - 05104599 ____R (Swearware) C:\Users\ggross\Desktop\ComboFix.exe
2013-08-15 20:56 - 2013-08-15 20:56 - 00021937 _____ C:\Users\ggross\Desktop\Addition.txt
2013-08-15 20:48 - 2013-08-15 20:48 - 00000000 ____D C:\FRST
2013-08-15 20:10 - 2013-08-15 20:10 - 00001449 _____ C:\Users\ggross\Desktop\AdwCleaner[S1].txt
2013-08-15 20:10 - 2013-08-15 20:10 - 00001387 _____ C:\Users\ggross\Desktop\AdwCleaner[R1].txt
2013-08-15 19:38 - 2013-08-15 19:38 - 00003134 _____ C:\Windows\System32\Tasks\{493B5B7B-1FB3-4CE1-B1A1-4D0CE1106EE5}
2013-08-15 18:27 - 2013-08-15 20:01 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 _____ C:\autoexec.bat
2013-08-15 17:28 - 2013-08-15 17:28 - 00000000 ____D C:\Windows\pss
2013-08-15 17:15 - 2013-08-15 17:15 - 00000116 ___RH C:\Users\ggross\Downloads\Stinger.opt
2013-08-15 16:56 - 2013-08-15 17:15 - 00000000 ____D C:\Program Files (x86)\stinger
2013-08-15 16:34 - 2013-08-15 20:09 - 00000000 ____D C:\Users\ggross\Desktop\AdwCleaner
2013-08-15 16:16 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:16 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:16 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 16:16 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 16:16 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:16 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:16 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:16 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:16 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 16:16 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:16 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 16:16 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:02 - 2013-08-15 16:02 - 00000000 ____D C:\Users\ggross\AppData\Local\Google
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-15 15:53 - 2013-08-15 15:53 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-15 15:52 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 12:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 12:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 12:05 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 12:05 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 12:05 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 12:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 12:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 12:05 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 12:04 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 12:04 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 12:04 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 12:04 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 12:04 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 12:04 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 12:04 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 12:04 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 12:04 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 12:04 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 12:04 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 12:04 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 12:04 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-07 22:04 - 2013-09-07 22:03 - 01948628 _____ (Farbar) C:\Users\ggross\Desktop\FRST64.exe
2013-09-07 22:00 - 2013-09-07 22:00 - 00000929 _____ C:\Users\ggross\Desktop\JRT.txt
2013-09-07 21:56 - 2013-05-08 09:45 - 00000302 _____ C:\Windows\Tasks\Ukhvpsygr.job
2013-09-07 21:52 - 2012-12-25 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-07 21:51 - 2013-09-07 21:51 - 00001255 _____ C:\Users\ggross\Desktop\AdwCleaner[S3].txt
2013-09-07 20:53 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 20:53 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 20:44 - 2011-03-09 08:59 - 01700750 _____ C:\Windows\WindowsUpdate.log
2013-09-07 20:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 20:44 - 2009-07-14 06:51 - 00064006 _____ C:\Windows\setupact.log
2013-09-07 20:43 - 2013-08-26 22:57 - 00000000 ____D C:\AdwCleaner
2013-09-07 20:41 - 2013-09-07 20:41 - 01037278 _____ C:\Users\ggross\Desktop\adwcleaner.exe
2013-09-07 18:50 - 2011-04-24 23:41 - 00000000 ____D D:\Eigene Dokumente\Outlook-Dateien
2013-09-07 18:47 - 2011-12-24 12:20 - 00000000 ____D C:\Users\ggross\AppData\Local\484B0A56-7803-4F13-A847-82265F7F70F3.aplzod
2013-09-07 14:49 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Einsprüche
2013-09-07 12:00 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Kassenbuch
2013-09-07 11:56 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Buchhaltung
2013-09-06 22:22 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Briefe FA
2013-09-06 05:32 - 2013-09-07 21:53 - 01028823 _____ (Thisisu) C:\Users\ggross\Desktop\JRT_NEW.exe
2013-09-05 22:11 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Briefe Allgemein
2013-09-05 21:01 - 2013-09-05 21:00 - 00464381 _____ C:\Users\ggross\Desktop\SpyHunterKiller.exe
2013-09-04 10:28 - 2011-04-25 14:49 - 00005701 _____ C:\Users\ggross\AppData\Local\EmptySettings.xml
2013-09-03 10:47 - 2011-04-26 14:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-02 20:01 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Elster
2013-09-02 19:47 - 2011-03-09 09:41 - 00766568 _____ C:\Windows\system32\perfh007.dat
2013-09-02 19:47 - 2011-03-09 09:41 - 00174774 _____ C:\Windows\system32\perfc007.dat
2013-09-02 19:47 - 2009-07-14 07:13 - 01809554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-01 18:24 - 2011-03-09 08:59 - 00000000 ____D C:\ProgramData\PDFC
2013-08-26 23:17 - 2011-04-22 21:30 - 00106040 _____ C:\Windows\PFRO.log
2013-08-26 23:15 - 2013-08-20 17:40 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Mozilla
2013-08-26 23:15 - 2013-06-26 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 22:56 - 2013-08-26 22:56 - 00994642 _____ C:\Users\ggross\Downloads\adwcleaner.exe
2013-08-21 18:52 - 2012-12-25 14:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:52 - 2012-12-25 14:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 18:52 - 2011-09-14 08:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 11:54 - 2013-08-21 11:54 - 02347384 _____ (ESET) C:\Users\ggross\Downloads\esetsmartinstaller_enu.exe
2013-08-21 11:54 - 2013-08-21 11:54 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-20 17:38 - 2013-08-20 17:38 - 00282008 _____ (Mozilla) C:\Users\ggross\Downloads\Firefox Setup Stub 23.0.1.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Malwarebytes
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 17:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-19 17:26 - 2012-01-30 20:40 - 00000000 ____D C:\Users\ggross\AppData\Roaming\HpUpdate
2013-08-16 16:00 - 2013-08-16 16:00 - 00000000 ____D C:\Users\ggross\AppData\Roaming\TeamViewer
2013-08-16 16:00 - 2011-04-23 19:32 - 01829028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-16 15:05 - 2011-04-23 17:51 - 00000000 ____D C:\Users\ggross
2013-08-16 15:02 - 2013-08-16 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-16 14:55 - 2013-08-16 14:55 - 00000851 _____ C:\Users\ggross\Desktop\AdwCleaner[S2].txt
2013-08-16 14:53 - 2011-04-23 17:52 - 00139256 _____ C:\Users\ggross\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-16 14:46 - 2009-07-14 06:45 - 00519080 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-16 14:44 - 2013-08-16 14:44 - 00000851 _____ C:\AdwCleaner[S2].txt
2013-08-16 12:48 - 2013-08-16 12:48 - 00001164 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-08-16 12:48 - 2011-04-24 22:30 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-16 12:46 - 2013-08-16 12:46 - 05536272 _____ (TeamViewer GmbH) C:\Users\ggross\Downloads\TeamViewer_Setup_de.exe
2013-08-16 12:13 - 2013-08-16 09:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-16 12:13 - 2013-08-16 09:48 - 00000000 ____D C:\Users\ggross\Desktop\mbar
2013-08-16 09:48 - 2013-08-16 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 09:47 - 2013-08-16 09:47 - 12081912 _____ (Malwarebytes Corp.) C:\Users\ggross\Desktop\mbar-1.06.1.1005.exe
2013-08-15 23:57 - 2012-12-25 17:23 - 00099352 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2013-08-15 23:56 - 2012-12-25 17:23 - 00075656 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2013-08-15 23:56 - 2010-03-25 20:07 - 00023112 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2013-08-15 23:47 - 2013-08-15 23:47 - 00022557 _____ C:\Users\ggross\Desktop\ComboFix.txt
2013-08-15 23:47 - 2013-08-15 23:29 - 00000000 ____D C:\Qoobox
2013-08-15 23:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-15 23:44 - 2013-08-15 23:29 - 00000000 ____D C:\Windows\erdnt
2013-08-15 23:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-15 23:26 - 2013-08-15 23:25 - 05104599 ____R (Swearware) C:\Users\ggross\Desktop\ComboFix.exe
2013-08-15 20:56 - 2013-08-15 20:56 - 00021937 _____ C:\Users\ggross\Desktop\Addition.txt
2013-08-15 20:48 - 2013-08-15 20:48 - 00000000 ____D C:\FRST
2013-08-15 20:10 - 2013-08-15 20:10 - 00001449 _____ C:\Users\ggross\Desktop\AdwCleaner[S1].txt
2013-08-15 20:10 - 2013-08-15 20:10 - 00001387 _____ C:\Users\ggross\Desktop\AdwCleaner[R1].txt
2013-08-15 20:09 - 2013-08-15 16:34 - 00000000 ____D C:\Users\ggross\Desktop\AdwCleaner
2013-08-15 20:01 - 2013-08-15 18:27 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-15 19:38 - 2013-08-15 19:38 - 00003134 _____ C:\Windows\System32\Tasks\{493B5B7B-1FB3-4CE1-B1A1-4D0CE1106EE5}
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 _____ C:\autoexec.bat
2013-08-15 17:28 - 2013-08-15 17:28 - 00000000 ____D C:\Windows\pss
2013-08-15 17:15 - 2013-08-15 17:15 - 00000116 ___RH C:\Users\ggross\Downloads\Stinger.opt
2013-08-15 17:15 - 2013-08-15 16:56 - 00000000 ____D C:\Program Files (x86)\stinger
2013-08-15 16:31 - 2012-09-07 12:22 - 00000000 ____D C:\Quarantäne
2013-08-15 16:13 - 2013-08-07 21:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:11 - 2011-04-23 18:40 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 16:02 - 2013-08-15 16:02 - 00000000 ____D C:\Users\ggross\AppData\Local\Google
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-15 15:54 - 2011-04-23 18:59 - 00000000 ____D C:\Users\ggross\AppData\Local\Adobe
2013-08-15 15:53 - 2013-08-15 15:53 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-15 15:52 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 15:52 - 2011-04-22 14:04 - 00000000 ____D C:\ProgramData\Adobe
2013-08-09 03:03 - 2011-04-22 13:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-09 03:03 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2013-08-08 12:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

Files to move or delete:
====================
C:\Users\ggross\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 18:54

==================== End Of Log ============================

--- --- ---

cosinus · 08.09.2013, 15:45

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Windows\Tasks\Ukhvpsygr.job
C:\Windows\SysWOW64\whoamig.dll
C:\Users\ggross\AppData\Local\Temp\Quarantine.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Trestar · 17.09.2013, 12:33

So hier das Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03
Ran by ggross at 2013-09-17 13:21:26 Run:1
Running from C:\Users\ggross\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\Tasks\Ukhvpsygr.job
C:\Windows\SysWOW64\whoamig.dll
C:\Users\ggross\AppData\Local\Temp\Quarantine.exe
*****************

C:\Windows\Tasks\Ukhvpsygr.job => Moved successfully.
Could not move "C:\Windows\SysWOW64\whoamig.dll" => Scheduled to move on reboot.
C:\Users\ggross\AppData\Local\Temp\Quarantine.exe => Moved successfully.

=========== Result of Scheduled Files to move ===========

C:\Windows\SysWOW64\whoamig.dll => Moved successfully.

==== End of Fixlog ====

cosinus · 17.09.2013, 13:37

Ein frisches FRST-Log bitte. FRST vorher neu runterladen

Trestar · 17.09.2013, 15:25

so, hier kommt er...

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by ggross (administrator) on BUERO on 17-09-2013 16:18:53
Running from C:\Users\ggross\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(DATEV eG) D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
(AMD) C:\Windows\system32\atieclxx.exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
(DATEV eG) D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(KOBIL Systems GmbH) D:\DATEV\PROGRAMM\B0000404\msdisrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m2727\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(DATEV eG) D:\Datev\PROGRAMM\Install\DvInesASDMon.Exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000398\SiPaHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
() D:\Datev\PROGRAMM\A0000007\DHNC.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
(DATEV eG) D:\Datev\PROGRAMM\Sws\LiMaServer.exe
(DATEV eG) D:\DATEV\SYSTEM\rzpjwtch.exe
(DATEV eG) D:\DATEV\PROGRAMM\DFUEISDN\sslclt\sslclt.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(DATEV eG) D:\DATEV\PROGRAMM\SWS\LiMaService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(DATEV eG) D:\Datev\PROGRAMM\K0005000\Arbeitsplatz.exe
(DATEV eG) D:\DATEV\PROGRAMM\K0005003\Datev.Sdd.DataServer.exe
(DATEV eG) D:\DATEV\SYSTEM\NUKO\NKWLOGIN.EXE
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\D0100000\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(DATEV eG) D:\DATEV\PROGRAMM\RWAPPLIC\IRW.exe
(DATEV eG) D:\DATEV\PROGRAMM\K0005002\Datev.Sdd.Ui.EditHost.StartupService.exe
(DATEV eG) D:\DATEV\PROGRAMM\RWAPPLIC\Irw.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [HP LaserJet M2727 MFP Series Fax] - C:\Program Files (x86)\HP\hp LaserJet M2727\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-01-27] (HP)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2007-08-31] ()
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\Datev\PROGRAMM\Install\DvInesASDMon.exe [288352 2012-12-20] (DATEV eG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [SiPaHost] - D:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [551464 2013-01-18] (DATEV eG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130815235732.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll (DATEV eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130815235732.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSAScardBHO002.dll (DATEV eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [158304 2012-12-20] (DATEV eG)
R2 DATEV ViwasClientService; D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe [69216 2013-02-05] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2013-04-08] (DATEV eG)
R2 Dcmanag; D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [177760 2012-06-05] (DATEV eG)
R2 DVckService; D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [2653224 2013-01-28] (DATEV eG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
R2 KOBIL_MSDI; D:\DATEV\PROGRAMM\B0000404\msdisrv.exe [192512 2011-03-03] (KOBIL Systems GmbH)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [202376 2012-09-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-09-25] (McAfee, Inc.)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.)
R2 Sicherheitspaket-Dienst; D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-01-18] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2011-04-23] (KOBIL Systems GmbH)
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-12-25] (KOBIL Systems GmbH)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-09-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-09-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-09-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2012-09-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305280 2012-09-25] (McAfee, Inc.)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U0 dmboot; 
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-17 13:20 - 2013-09-17 13:20 - 01950524 _____ (Farbar) C:\Users\ggross\Desktop\FRST64.exe
2013-09-16 03:05 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 03:05 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 03:05 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 03:05 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 03:05 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 03:05 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 03:05 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 03:05 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-16 03:05 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 03:05 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 03:05 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 03:05 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 03:05 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-16 03:04 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 03:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-15 17:03 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-15 17:03 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-15 17:03 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-15 17:03 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-15 17:03 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-15 17:03 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-15 17:03 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-15 17:03 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-15 17:03 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-15 17:03 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-15 17:03 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-15 17:03 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-15 17:03 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-15 17:03 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-15 17:03 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-15 17:03 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-15 17:03 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-15 17:03 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-15 17:03 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-15 17:03 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-15 17:03 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 17:03 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-15 17:02 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-15 17:02 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-15 17:02 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-15 17:02 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-15 17:02 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 22:00 - 2013-09-07 22:00 - 00000929 _____ C:\Users\ggross\Desktop\JRT.txt
2013-09-07 21:53 - 2013-09-06 05:32 - 01028823 _____ (Thisisu) C:\Users\ggross\Desktop\JRT_NEW.exe
2013-09-07 21:51 - 2013-09-07 21:51 - 00001255 _____ C:\Users\ggross\Desktop\AdwCleaner[S3].txt
2013-09-07 20:41 - 2013-09-07 20:41 - 01037278 _____ C:\Users\ggross\Desktop\adwcleaner.exe
2013-09-05 21:00 - 2013-09-05 21:01 - 00464381 _____ C:\Users\ggross\Desktop\SpyHunterKiller.exe
2013-08-26 22:57 - 2013-09-07 20:43 - 00000000 ____D C:\AdwCleaner
2013-08-26 22:56 - 2013-08-26 22:56 - 00994642 _____ C:\Users\ggross\Downloads\adwcleaner.exe
2013-08-21 11:54 - 2013-08-21 11:54 - 02347384 _____ (ESET) C:\Users\ggross\Downloads\esetsmartinstaller_enu.exe
2013-08-21 11:54 - 2013-08-21 11:54 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-20 17:40 - 2013-08-26 23:15 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Mozilla
2013-08-20 17:38 - 2013-08-20 17:38 - 00282008 _____ (Mozilla) C:\Users\ggross\Downloads\Firefox Setup Stub 23.0.1.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Malwarebytes
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-20 12:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2013-09-17 16:00 - 2011-12-24 12:20 - 00000000 ____D C:\Users\ggross\AppData\Local\484B0A56-7803-4F13-A847-82265F7F70F3.aplzod
2013-09-17 15:52 - 2012-12-25 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 13:51 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 13:51 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 13:47 - 2011-03-09 08:59 - 02022016 _____ C:\Windows\WindowsUpdate.log
2013-09-17 13:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 13:43 - 2009-07-14 06:51 - 00064488 _____ C:\Windows\setupact.log
2013-09-17 13:26 - 2013-08-15 20:48 - 00000000 ____D C:\FRST
2013-09-17 13:22 - 2011-04-22 21:30 - 00112282 _____ C:\Windows\PFRO.log
2013-09-17 13:20 - 2013-09-17 13:20 - 01950524 _____ (Farbar) C:\Users\ggross\Desktop\FRST64.exe
2013-09-17 12:21 - 2011-04-26 14:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-16 17:47 - 2011-04-25 14:49 - 00005704 _____ C:\Users\ggross\AppData\Local\EmptySettings.xml
2013-09-16 11:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-16 07:42 - 2011-04-23 17:52 - 00000000 ___RD C:\Users\ggross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 07:42 - 2011-04-23 17:52 - 00000000 ___RD C:\Users\ggross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 03:23 - 2009-07-14 06:45 - 00519080 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 03:04 - 2013-08-07 21:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 03:04 - 2011-04-23 18:40 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-16 03:04 - 2011-04-22 13:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 18:07 - 2012-12-25 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 18:07 - 2012-12-25 14:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 18:07 - 2011-09-14 08:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 16:40 - 2011-03-09 08:59 - 00000000 ____D C:\ProgramData\PDFC
2013-09-07 22:36 - 2011-04-23 17:51 - 00000000 ____D C:\Users\ggross\AppData\Local\VirtualStore
2013-09-07 22:00 - 2013-09-07 22:00 - 00000929 _____ C:\Users\ggross\Desktop\JRT.txt
2013-09-07 21:51 - 2013-09-07 21:51 - 00001255 _____ C:\Users\ggross\Desktop\AdwCleaner[S3].txt
2013-09-07 20:43 - 2013-08-26 22:57 - 00000000 ____D C:\AdwCleaner
2013-09-07 20:41 - 2013-09-07 20:41 - 01037278 _____ C:\Users\ggross\Desktop\adwcleaner.exe
2013-09-06 05:32 - 2013-09-07 21:53 - 01028823 _____ (Thisisu) C:\Users\ggross\Desktop\JRT_NEW.exe
2013-09-05 21:01 - 2013-09-05 21:00 - 00464381 _____ C:\Users\ggross\Desktop\SpyHunterKiller.exe
2013-09-02 19:47 - 2011-03-09 09:41 - 00766568 _____ C:\Windows\system32\perfh007.dat
2013-09-02 19:47 - 2011-03-09 09:41 - 00174774 _____ C:\Windows\system32\perfc007.dat
2013-09-02 19:47 - 2009-07-14 07:13 - 01809554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 23:15 - 2013-08-20 17:40 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Mozilla
2013-08-26 23:15 - 2013-06-26 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 22:56 - 2013-08-26 22:56 - 00994642 _____ C:\Users\ggross\Downloads\adwcleaner.exe
2013-08-21 11:54 - 2013-08-21 11:54 - 02347384 _____ (ESET) C:\Users\ggross\Downloads\esetsmartinstaller_enu.exe
2013-08-21 11:54 - 2013-08-21 11:54 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-20 17:38 - 2013-08-20 17:38 - 00282008 _____ (Mozilla) C:\Users\ggross\Downloads\Firefox Setup Stub 23.0.1.exe
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Users\ggross\AppData\Roaming\Malwarebytes
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-19 17:26 - 2012-01-30 20:40 - 00000000 ____D C:\Users\ggross\AppData\Roaming\HpUpdate

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-15 19:21

==================== End Of Log ============================

--- --- ---

cosinus · 17.09.2013, 16:01

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

17.09.2013, 13:37	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7: Browser leitet ungewollt auf Werbung weiter Ein frisches FRST-Log bitte. FRST vorher neu runterladen __________________ Logfiles bitte immer in CODE-Tags posten

Windows 7: Browser leitet ungewollt auf Werbung weiter

Plagegeister aller Art und deren Bekämpfung: Windows 7: Browser leitet ungewollt auf Werbung weiter