Windows 7: Browser leitet ungewollt auf Werbung weiter

Trestar · 15.08.2013, 19:40

Hallo zusammen,

ich habe das Problem, dass ich sowohl im Firefox als auch im Internet Explorer beim Klicken auf Google Links auf andere, nicht gewünschte Seiten mit Werbung weitergeleitet werde. Zudem kann ich das Windows-Sicherheitscenter nicht mehr aktivieren. Ich habe in den Browsern bereits alle Cookies gelöscht und alle Einstellungen zurückgesetzt. Leider hat sich keine Besserung ergeben.
Ich vermute nach meinen Recherchen im Internet, dass es sich um den Google Redirect Virus handelt. Allerdings hat keine der dort gefundenen Wege mir Abhilfe geschafft bzw. sie waren technisch zu anspruchsvoll für mich.

Ich wäre Euch sehr dankbar, wenn ihr mir weiterhelfen könntet.

Viele Grüße,
Sven

cosinus · 15.08.2013, 19:43

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Trestar · 15.08.2013, 20:08

Hallo Cosinus,

vielen Dank, dass Du Dich meines Problems annimmst.

Hier ist das Ergebnis des Farbar's Recovery Scann Tools:

Frst.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by ggross (administrator) on 15-08-2013 20:49:26
Running from C:\Users\ggross\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DATEV eG) D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
(DATEV eG) D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(KOBIL Systems GmbH) D:\DATEV\PROGRAMM\B0000404\msdisrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m2727\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() D:\Datev\PROGRAMM\A0000007\DHNC.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
(DATEV eG) D:\Datev\PROGRAMM\Sws\LiMaServer.exe
(DATEV eG) D:\DATEV\SYSTEM\rzpjwtch.exe
(DATEV eG) D:\DATEV\PROGRAMM\DFUEISDN\sslclt\sslclt.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(DATEV eG) D:\DATEV\PROGRAMM\SWS\LiMaService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
() C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(DATEV eG) D:\Datev\PROGRAMM\Install\DvInesASDMon.Exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000398\SiPaHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [HP LaserJet M2727 MFP Series Fax] - C:\Program Files (x86)\HP\hp LaserJet M2727\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)
HKCU\...\Run: [Selyro] - C:\Users\ggross\AppData\Roaming\Vapae\olza.exe [x]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-01-27] (HP)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2007-08-31] ()
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\Datev\PROGRAMM\Install\DvInesASDMon.exe [288352 2012-12-20] (DATEV eG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [SiPaHost] - D:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [551464 2013-01-18] (DATEV eG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> D:\Datev\PROGRAMM\BSOffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> D:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: DATEV-Hinweis Mitteilungsdienst.lnk -> D:\Datev\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
ShortcutTarget: DFÜ-Manager.lnk -> D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
ShortcutTarget: Lizenz-Manager Server.lnk -> D:\Datev\PROGRAMM\Sws\LiMaServer.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> D:\DATEV\SYSTEM\rzpjwtch.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> D:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

==================== Internet (Whitelisted) ====================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130619214322.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll (DATEV eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130619214323.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSAScardBHO002.dll (DATEV eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @datev.de/DATEV_BestellManager,version=1.7 - D:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [158304 2012-12-20] (DATEV eG)
R2 DATEV ViwasClientService; D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe [69216 2013-02-05] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2013-04-08] (DATEV eG)
R2 Dcmanag; D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [177760 2012-06-05] (DATEV eG)
R2 DVckService; D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [2653224 2013-01-28] (DATEV eG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
R2 KOBIL_MSDI; D:\DATEV\PROGRAMM\B0000404\msdisrv.exe [192512 2011-03-03] (KOBIL Systems GmbH)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [202376 2012-09-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-09-25] (McAfee, Inc.)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.)
R2 Sicherheitspaket-Dienst; D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-01-18] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2011-04-23] (KOBIL Systems GmbH)
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-12-25] (KOBIL Systems GmbH)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-09-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-09-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-09-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2012-09-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305280 2012-09-25] (McAfee, Inc.)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
U0 dmboot; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-15 20:48 - 2013-08-15 20:48 - 00000000 ____D C:\FRST
2013-08-15 20:10 - 2013-08-15 20:10 - 00001449 _____ C:\AdwCleaner[S1].txt
2013-08-15 20:10 - 2013-08-15 20:10 - 00001387 _____ C:\AdwCleaner[R1].txt
2013-08-15 20:08 - 2013-08-15 20:08 - 00666633 _____ C:\Users\ggross\Downloads\adwcleaner.exe
2013-08-15 19:46 - 2013-08-15 19:46 - 00000000 ____D C:\Users\ggross\Downloads\backups
2013-08-15 19:38 - 2013-08-15 19:38 - 00003134 _____ C:\Windows\System32\Tasks\{493B5B7B-1FB3-4CE1-B1A1-4D0CE1106EE5}
2013-08-15 19:33 - 2013-08-15 19:46 - 00014205 _____ C:\Users\ggross\Downloads\hijackthis.log
2013-08-15 19:32 - 2013-08-15 19:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\ggross\Downloads\HiJackThis204.exe
2013-08-15 18:27 - 2013-08-15 20:01 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 _____ C:\autoexec.bat
2013-08-15 18:24 - 2013-08-15 18:24 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\ggross\Downloads\SpyHunter-Installer.exe
2013-08-15 17:28 - 2013-08-15 17:28 - 00000000 ____D C:\Windows\pss
2013-08-15 17:15 - 2013-08-15 17:15 - 00000116 ___RH C:\Users\ggross\Downloads\Stinger.opt
2013-08-15 16:56 - 2013-08-15 17:15 - 00000000 ____D C:\Program Files (x86)\stinger
2013-08-15 16:56 - 2013-08-15 17:13 - 00000632 _____ C:\Users\ggross\Downloads\Stinger_15082013_165656.html
2013-08-15 16:56 - 2013-08-15 16:56 - 11618336 _____ (McAfee Inc) C:\Users\ggross\Downloads\stinger32.exe
2013-08-15 16:34 - 2013-08-15 20:09 - 00000000 ____D C:\AdwCleaner
2013-08-15 16:33 - 2013-08-15 16:33 - 00800594 _____ C:\Users\ggross\Downloads\adwcleaner30.exe
2013-08-15 16:16 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:16 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:16 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 16:16 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 16:16 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:16 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:16 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:16 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:16 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 16:16 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:16 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 16:16 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:06 - 2013-08-15 16:06 - 00000000 ____D C:\Users\ggross\Qtrax
2013-08-15 16:02 - 2013-08-15 16:02 - 00003798 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-08-15 16:02 - 2013-08-15 16:02 - 00000000 ____D C:\Users\ggross\AppData\Local\Google
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-15 15:53 - 2013-08-15 15:53 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-15 15:52 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 12:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 12:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 12:05 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 12:05 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 12:05 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 12:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 12:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 12:05 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 12:04 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 12:04 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 12:04 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 12:04 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 12:04 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 12:04 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 12:04 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 12:04 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 12:04 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 12:04 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 12:04 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 12:04 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 12:04 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 21:01 - 2013-08-15 16:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\Users\ggross\AppData\Roaming\DokOrg
2013-07-23 18:13 - 2013-07-23 18:13 - 00638360 _____ C:\Windows\Minidump\072313-26754-01.dmp
2013-07-23 17:06 - 2013-07-23 18:13 - 665346230 _____ C:\Windows\MEMORY.DMP
2013-07-23 17:06 - 2013-07-23 18:13 - 00000000 ____D C:\Windows\Minidump
2013-07-23 17:06 - 2013-07-23 17:06 - 00835392 _____ C:\Windows\Minidump\072313-30014-01.dmp
2013-07-22 13:39 - 2013-07-22 13:39 - 00032792 _____ C:\Users\ggross\Downloads\Antrag auf Erteilung einer Bescheinigung für das Kalenderjahr 200_ für beschränkt einkommensteuerpflichtige Arbeitnehmer.ffwp

==================== One Month Modified Files and Folders =======

2013-08-15 20:48 - 2013-08-15 20:48 - 01575570 _____ (Farbar) C:\Users\ggross\Downloads\FRST64.exe
2013-08-15 20:48 - 2013-08-15 20:48 - 00000000 ____D C:\FRST
2013-08-15 20:20 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 20:20 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 20:11 - 2013-05-08 09:45 - 00000302 _____ C:\Windows\Tasks\Ukhvpsygr.job
2013-08-15 20:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 20:11 - 2009-07-14 06:51 - 00063166 _____ C:\Windows\setupact.log
2013-08-15 20:10 - 2013-08-15 20:10 - 00001449 _____ C:\AdwCleaner[S1].txt
2013-08-15 20:10 - 2013-08-15 20:10 - 00001387 _____ C:\AdwCleaner[R1].txt
2013-08-15 20:10 - 2011-03-09 08:59 - 01428884 _____ C:\Windows\WindowsUpdate.log
2013-08-15 20:09 - 2013-08-15 16:34 - 00000000 ____D C:\AdwCleaner
2013-08-15 20:08 - 2013-08-15 20:08 - 00666633 _____ C:\Users\ggross\Downloads\adwcleaner.exe
2013-08-15 20:01 - 2013-08-15 18:27 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-15 19:52 - 2012-12-25 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-15 19:46 - 2013-08-15 19:46 - 00000000 ____D C:\Users\ggross\Downloads\backups
2013-08-15 19:46 - 2013-08-15 19:33 - 00014205 _____ C:\Users\ggross\Downloads\hijackthis.log
2013-08-15 19:38 - 2013-08-15 19:38 - 00003134 _____ C:\Windows\System32\Tasks\{493B5B7B-1FB3-4CE1-B1A1-4D0CE1106EE5}
2013-08-15 19:32 - 2013-08-15 19:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\ggross\Downloads\HiJackThis204.exe
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 _____ C:\autoexec.bat
2013-08-15 18:24 - 2013-08-15 18:24 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\ggross\Downloads\SpyHunter-Installer.exe
2013-08-15 17:28 - 2013-08-15 17:28 - 00000000 ____D C:\Windows\pss
2013-08-15 17:15 - 2013-08-15 17:15 - 00000116 ___RH C:\Users\ggross\Downloads\Stinger.opt
2013-08-15 17:15 - 2013-08-15 16:56 - 00000000 ____D C:\Program Files (x86)\stinger
2013-08-15 17:13 - 2013-08-15 16:56 - 00000632 _____ C:\Users\ggross\Downloads\Stinger_15082013_165656.html
2013-08-15 16:56 - 2013-08-15 16:56 - 11618336 _____ (McAfee Inc) C:\Users\ggross\Downloads\stinger32.exe
2013-08-15 16:33 - 2013-08-15 16:33 - 00800594 _____ C:\Users\ggross\Downloads\adwcleaner30.exe
2013-08-15 16:31 - 2012-09-07 12:22 - 00000000 ____D C:\Quarantäne
2013-08-15 16:18 - 2011-04-22 21:30 - 00099482 _____ C:\Windows\PFRO.log
2013-08-15 16:14 - 2011-03-09 09:41 - 00763020 _____ C:\Windows\system32\perfh007.dat
2013-08-15 16:14 - 2011-03-09 09:41 - 00173726 _____ C:\Windows\system32\perfc007.dat
2013-08-15 16:14 - 2009-07-14 07:13 - 01821850 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 16:13 - 2013-08-07 21:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:11 - 2011-04-23 18:40 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 16:06 - 2013-08-15 16:06 - 00000000 ____D C:\Users\ggross\Qtrax
2013-08-15 16:06 - 2011-04-23 17:51 - 00000000 ____D C:\Users\ggross
2013-08-15 16:02 - 2013-08-15 16:02 - 00003798 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-08-15 16:02 - 2013-08-15 16:02 - 00000000 ____D C:\Users\ggross\AppData\Local\Google
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-15 15:59 - 2013-06-26 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 15:54 - 2011-04-23 18:59 - 00000000 ____D C:\Users\ggross\AppData\Local\Adobe
2013-08-15 15:53 - 2013-08-15 15:53 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-15 15:52 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 15:52 - 2011-04-22 14:04 - 00000000 ____D C:\ProgramData\Adobe
2013-08-15 15:41 - 2012-12-25 14:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 15:41 - 2012-12-25 14:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-15 15:41 - 2011-09-14 08:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-15 12:01 - 2011-04-24 23:41 - 00000000 ____D D:\Eigene Dokumente\Outlook-Dateien
2013-08-15 11:55 - 2011-12-24 12:20 - 00000000 ____D C:\Users\ggross\AppData\Local\484B0A56-7803-4F13-A847-82265F7F70F3.aplzod
2013-08-13 10:43 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Buchhaltung
2013-08-13 10:14 - 2011-04-26 14:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-12 11:33 - 2011-04-25 14:49 - 00005821 _____ C:\Users\ggross\AppData\Local\EmptySettings.xml
2013-08-12 09:43 - 2012-01-30 20:40 - 00000000 ____D C:\Users\ggross\AppData\Roaming\HpUpdate
2013-08-11 14:40 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Elster
2013-08-11 10:15 - 2011-03-09 08:59 - 00000000 ____D C:\ProgramData\PDFC
2013-08-09 13:23 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Einsprüche
2013-08-09 03:03 - 2011-04-22 13:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-09 03:03 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2013-08-08 12:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-07 21:01 - 2011-04-23 19:32 - 01777752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-02 14:12 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Briefe Allgemein
2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\Users\ggross\AppData\Roaming\DokOrg
2013-07-30 09:15 - 2011-04-23 19:19 - 00000021 _____ C:\Windows\DvInesKurusOleServer003.INI
2013-07-30 09:10 - 2011-04-23 20:44 - 00000151 _____ C:\Windows\ODBC.INI
2013-07-30 09:09 - 2011-04-23 21:35 - 00000000 ____D C:\Users\ggross\AppData\Local\DATEV
2013-07-30 09:06 - 2011-04-28 12:18 - 00000093 _____ C:\Users\ggross\AppData\Roaming\BEVI.CFG
2013-07-29 07:48 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-28 13:22 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Briefe FA
2013-07-26 07:13 - 2013-08-15 16:16 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 16:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 16:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 16:16 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 16:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 16:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 16:16 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 16:16 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 16:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 16:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 16:16 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 16:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-15 12:05 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 12:05 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-23 18:13 - 2013-07-23 18:13 - 00638360 _____ C:\Windows\Minidump\072313-26754-01.dmp
2013-07-23 18:13 - 2013-07-23 17:06 - 665346230 _____ C:\Windows\MEMORY.DMP
2013-07-23 18:13 - 2013-07-23 17:06 - 00000000 ____D C:\Windows\Minidump
2013-07-23 17:06 - 2013-07-23 17:06 - 00835392 _____ C:\Windows\Minidump\072313-30014-01.dmp
2013-07-22 13:39 - 2013-07-22 13:39 - 00032792 _____ C:\Users\ggross\Downloads\Antrag auf Erteilung einer Bescheinigung für das Kalenderjahr 200_ für beschränkt einkommensteuerpflichtige Arbeitnehmer.ffwp
2013-07-19 03:58 - 2013-08-15 12:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-15 12:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 10:11

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013 01
Ran by ggross at 2013-08-15 20:51:17
Running from C:\Users\ggross\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 7.2.8)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.1.6)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.790.0)
B1315AppGuid (x32 Version: 1.0.0)
Bing Bar (x32 Version: 7.1.361.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0914.2137.36960)
Catalyst Control Center InstallProxy (x32 Version: 2010.0914.2137.36960)
Catalyst Control Center Localization All (x32 Version: 2010.0914.2137.36960)
CCC Help Chinese Standard (x32 Version: 2010.0914.2136.36960)
CCC Help Chinese Traditional (x32 Version: 2010.0914.2136.36960)
CCC Help Czech (x32 Version: 2010.0914.2136.36960)
CCC Help Danish (x32 Version: 2010.0914.2136.36960)
CCC Help Dutch (x32 Version: 2010.0914.2136.36960)
CCC Help English (x32 Version: 2010.0914.2136.36960)
CCC Help Finnish (x32 Version: 2010.0914.2136.36960)
CCC Help French (x32 Version: 2010.0914.2136.36960)
CCC Help German (x32 Version: 2010.0914.2136.36960)
CCC Help Greek (x32 Version: 2010.0914.2136.36960)
CCC Help Hungarian (x32 Version: 2010.0914.2136.36960)
CCC Help Italian (x32 Version: 2010.0914.2136.36960)
CCC Help Japanese (x32 Version: 2010.0914.2136.36960)
CCC Help Korean (x32 Version: 2010.0914.2136.36960)
CCC Help Norwegian (x32 Version: 2010.0914.2136.36960)
CCC Help Polish (x32 Version: 2010.0914.2136.36960)
CCC Help Portuguese (x32 Version: 2010.0914.2136.36960)
CCC Help Russian (x32 Version: 2010.0914.2136.36960)
CCC Help Spanish (x32 Version: 2010.0914.2136.36960)
CCC Help Swedish (x32 Version: 2010.0914.2136.36960)
CCC Help Thai (x32 Version: 2010.0914.2136.36960)
CCC Help Turkish (x32 Version: 2010.0914.2136.36960)
ccc-core-static (x32 Version: 2010.0914.2137.36960)
ccc-utility64 (Version: 2010.0914.2137.36960)
Crystal Reports Runtime XI (x32 Version: 1.0.9)
Customer Participation Program 9.0 (Version: 9.0)
CustomerResearchQFolder (x32 Version: 1.00.0000)
DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0)
DATEV Installation V.3.1 (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DeviceDiscovery (x32 Version: 90.0.146.000)
DeviceManagementQFolder (x32 Version: 1.00.0000)
DFL2010 ConfigDB (x32 Version: 4.18.4066.0)
DFL2010 Microkernel (x32 Version: 4.18.4066.0)
Dialogseminar online V.3.02 (x32 Version: 10.2.8.2136)
DirectX 9 Runtime (x32 Version: 1.00.0000)
ElsterFormular (x32 Version: 14.3.11574)
ElsterFormular-Upgrade (x32 Version: 14.3.11574)
FormsForWeb® Filler 3.1 (x32 Version: 3.1)
Google Update Helper (x32 Version: 1.3.23.0)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3)
HP LaserJet M2727 MFP Series 5.2 (Version: 5.2)
HP Performance Advisor (x32 Version: 1.1.1916)
HP SkyRoom (x32 Version: 1.1.6.5201.)
HP Support Assistant (x32 Version: 5.1.0.5)
HP Update (x32 Version: 5.005.000.001)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2)
hppFaxDrvM2727 (x32 Version: 003.100.00001)
hppFaxUtility (x32 Version: 001.001.00017)
hppFonts (x32 Version: 001.001.00056)
hppLaserJetService (x32 Version: 001.200.00001)
hppLJM2727 (x32 Version: 000.102.00101)
hppManualsM2727 (x32 Version: 000.002.00001)
hppScanTo (x32 Version: 003.103.00004)
hppSendFaxM2727 (x32 Version: 003.000.00001)
hppTLBXFXM2727 (x32 Version: 001.005.00009)
hppusgM2727 (x32 Version: 000.000.00006)
HPSSupply (x32 Version: 2.2.0.0000)
hpzTLBXFX (x32 Version: 005.009.00181)
iCloud (Version: 1.0.2.17)
Intel(R) Control Center (x32 Version: 1.2.0.1006)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
InterVideo WinDVD 8 (x32 Version: 8.5.10.64)
I-Port.de (x32 Version: 2.3.0.93)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
KassEx 9.0 (x32)
kobdfu x64x86 driver installation (x32 Version: 1.00.0000)
KOBIL CCID driver x64x86 (x32 Version: 1.012.01041)
LightScribe System Software (x32 Version: 1.18.5.1)
MarketResearch (x32 Version: 90.0.146.000)
McAfee Agent (x32 Version: 4.6.0.3122)
McAfee VirusScan Enterprise (x32 Version: 8.8.02004)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Access 2002 Runtime (x32 Version: 10.0.6626.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Primary Interop Assemblies (x32 Version: 14.0.4763.1024)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (x32 Version: 10.51.2500.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XML Parser (x32 Version: 8.70.1104.04)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
PDF Complete Special Edition (x32 Version: 3.5.112)
Product_Min_QFolder (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5973)
Remote Graphics Receiver (x32 Version: 5.3.2)
Remote Graphics Sender (x32 Version: 5.3.2)
Roxio Activation Module (x32 Version: 1.0)
Roxio Creator Audio (x32 Version: 3.8.0)
Roxio Creator Business (x32 Version: 10.3)
Roxio Creator Business v10 (x32 Version: 3.8.0)
Roxio Creator Copy (x32 Version: 3.8.0)
Roxio Creator Data (x32 Version: 3.8.0)
Roxio Creator Tools (x32 Version: 3.8.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio MyDVD (x32 Version: 10.1.349)
SCR3xxx Smart Card Reader (x32 Version: 8.41)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
SPR532 SmartCard Reader V1.87 (x32 Version: 1.87)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SQLXML4 (Version: 9.00.5000.00)
sv.net (x32 Version: 13.1)
TeamViewer 6 (x32 Version: 6.0.10511)
TeamViewer 7 (x32 Version: 7.0.14484)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
VD64Inst (Version: 1.00.0000)
WebReg (x32 Version: 90.0.146.000)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0063DA66-ADDD-46BB-9508-C24CD9FBC0FA} - \DSite No Task File
Task: {0F2C271A-B8CF-490B-AA9C-6045909123EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-14] (Hewlett-Packard Company)
Task: {12B93E56-D185-4A06-B831-A03B1F573779} - \Dealply No Task File
Task: {17879C6D-646E-4D75-B9EB-1B653443CB0D} - System32\Tasks\WPD\SqmUpload_S-1-5-21-505636168-3126381596-3893325814-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {4E04E85F-2A2A-456E-8935-8966D9FD50FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-15] (Adobe Systems Incorporated)
Task: {742CEA07-BA4B-419C-8CA3-D09FDF7D8231} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {9B3E1431-D683-4D0A-9382-6C46B9A39EBB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {9FCAC5BE-C8F4-4277-8BF3-EBE130825940} - System32\Tasks\Ukhvpsygr => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {C1E04485-C3B2-4560-9CF6-56FF7FA83616} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-14] (Hewlett-Packard Company)
Task: {FFBB317B-8199-4DB1-8CEA-C2A357C53FD8} - System32\Tasks\VIWAS Hintergrundprogramm => D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe [2013-02-05] (DATEV eG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Ukhvpsygr.job => C:\Windows\SysWOW64\whoamig.dll

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2013 07:40:30 PM) (Source: DFÜ-Manager) (User: )
Description: Das DFÜ-System ist inkonsistent.

Error: (08/15/2013 04:11:29 PM) (Source: DFÜ-Manager) (User: )
Description: Das DFÜ-System ist inkonsistent.

Error: (08/15/2013 04:02:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: uninstaller.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: uninstaller.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b93fc
ID des fehlerhaften Prozesses: 0x4ac
Startzeit der fehlerhaften Anwendung: 0xuninstaller.exe0
Pfad der fehlerhaften Anwendung: uninstaller.exe1
Pfad des fehlerhaften Moduls: uninstaller.exe2
Berichtskennung: uninstaller.exe3

Error: (08/09/2013 05:06:43 PM) (Source: Datev.Framework.RemoteServiceModel.EnablerService) (User: )
Description: 09.08.2013 17:06:43 13 Error Datev.Framework.RemoteServiceModel  Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException: Es ist ein lokales Verbindungsproblem auf der Maschine BUERO aufgetreten. (Fehlerdetail ist gleich Datev.Framework.RemoteServiceModel.RemoteServiceExceptionDetail).
ReasonId: 0

Error: (08/09/2013 05:06:43 PM) (Source: Datev.Framework.RemoteServiceModel.EnablerService) (User: )
Description: 09.08.2013 17:06:42 13 Error Datev.Framework.RemoteServiceModel  System.ArgumentException: Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result
   bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
   bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to process a client request.

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to process a client request.

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to process a client request.

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to process a client request.

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to process a client request.


System errors:
=============
Error: (08/15/2013 07:44:50 PM) (Source: Service Control Manager) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 07:44:50 PM) (Source: Service Control Manager) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 07:40:29 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2013 06:25:01 PM) (Source: Service Control Manager) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 06:25:01 PM) (Source: Service Control Manager) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 04:56:56 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Remote Graphics Sender Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 04:56:56 PM) (Source: Service Control Manager) (User: )
Description: Dienst "PDF Document Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 04:56:56 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 04:56:56 PM) (Source: Service Control Manager) (User: )
Description: Dienst "DATEV Update-Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/15/2013 04:56:56 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (08/15/2013 07:40:30 PM) (Source: DFÜ-Manager)(User: )
Description: 

Error: (08/15/2013 04:11:29 PM) (Source: DFÜ-Manager)(User: )
Description: 

Error: (08/15/2013 04:02:40 PM) (Source: Application Error)(User: )
Description: uninstaller.exe0.0.0.02a425e19uninstaller.exe0.0.0.02a425e19c0000005000b93fc4ac01ce99c01a6a8709C:\Users\ggross\AppData\Local\Temp\IS3571~1\uninstaller.exeC:\Users\ggross\AppData\Local\Temp\IS3571~1\uninstaller.exe58a845da-05b3-11e3-ad90-78acc0a638ea

Error: (08/09/2013 05:06:43 PM) (Source: Datev.Framework.RemoteServiceModel.EnablerService)(User: )
Description: 09.08.2013 17:06:43 13 Error Datev.Framework.RemoteServiceModel  Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException: Es ist ein lokales Verbindungsproblem auf der Maschine BUERO aufgetreten. (Fehlerdetail ist gleich Datev.Framework.RemoteServiceModel.RemoteServiceExceptionDetail).
ReasonId: 0

Error: (08/09/2013 05:06:43 PM) (Source: Datev.Framework.RemoteServiceModel.EnablerService)(User: )
Description: 09.08.2013 17:06:42 13 Error Datev.Framework.RemoteServiceModel  System.ArgumentException: Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result
   bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
   bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser)(User: )
Description: 

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser)(User: )
Description: 

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser)(User: )
Description: 

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser)(User: )
Description: 

Error: (08/09/2013 10:26:36 AM) (Source: SQLBrowser)(User: )
Description: 


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 8127.25 MB
Available physical RAM: 5816.83 MB
Total Pagefile: 16252.69 MB
Available Pagefile: 13508.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:239.12 GB) (Free:175.94 GB) NTFS (Disk=0 Partition=2)
Drive d: (Daten) (Fixed) (Total:224.64 GB) (Free:162.36 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E70B3399)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=239 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Zudem hatte ich bei meinen Google-Recherchen noch das Tool HijackThis installiert, mit dem ich aber nicht weitergekommen bin. Das LogFile ebenfalls anbei:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:57, on 15.08.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
D:\Datev\PROGRAMM\Install\DvInesASDMon.Exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
D:\Datev\PROGRAMM\B0000398\SiPaHost.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
D:\Datev\PROGRAMM\A0000007\DHNC.exe
D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
D:\Datev\PROGRAMM\Sws\LiMaServer.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\DATEV\SYSTEM\rzpjwtch.exe
D:\DATEV\PROGRAMM\DFUEISDN\sslclt\sslclt.exe
D:\DATEV\PROGRAMM\B0000299\as\as.exe
D:\DATEV\PROGRAMM\B0000299\as\as.exe
D:\DATEV\PROGRAMM\SWS\LiMaService.exe
C:\Users\ggross\Downloads\HiJackThis204.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: DtvIePwdSafe - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130619214323.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DATEV Smartcard Browser Helper - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSAScardBHO002.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - mscoree.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
O4 - HKLM\..\Run: [DATEV Update-Monitor] "D:\Datev\PROGRAMM\Install\DvInesASDMon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SiPaHost] D:\DATEV\PROGRAMM\B0000398\SiPaHost.exe D:\DATEV\KONFIG\B0000398
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [Selyro] C:\Users\ggross\AppData\Roaming\Vapae\olza.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Basisschnittstelle Office Initialisierung.lnk = D:\Datev\PROGRAMM\BSOffice\service\OfficeDiag.exe
O4 - Global Startup: CleanupPrintJobs.lnk = D:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe
O4 - Global Startup: DATEV-Hinweis Mitteilungsdienst.lnk = D:\Datev\PROGRAMM\A0000007\DHNC.exe
O4 - Global Startup: DFÜ-Manager.lnk = D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
O4 - Global Startup: Lizenz-Manager Server.lnk = D:\Datev\PROGRAMM\Sws\LiMaServer.exe
O4 - Global Startup: RZ-Druckertreiber V.2.3.lnk = ?
O4 - Global Startup: SkyUserDevmode-Update.lnk = D:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DATEV Update-Service - DATEV eG - D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
O23 - Service: DATEV ViwasClientService - DATEV eG - D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
O23 - Service: DATEV Connection Service (Datev.Database.Conserve) - DATEV eG - D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
O23 - Service: DATEV DFL-Service-Manager (Datev.Framework.RemoteServiceModel.EnablerService) - DATEV eG - D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
O23 - Service: DATEV DFL Infrastruktur-Dienst (Datev.Framework.RemoteServices) - DATEV eG - D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
O23 - Service: DATEV Druckservice (DatevPrintService) - DATEV eG - D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
O23 - Service: DATEV DFÜ-System Dienst (Dcmanag) - DATEV eG - D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
O23 - Service: DVckService - DATEV eG - D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KOBIL_MSDI - KOBIL Systems GmbH - D:\DATEV\PROGRAMM\B0000404\msdisrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard, Inc. - c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sicherheitspaket-Dienst - DATEV eG - D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14203 bytes

cosinus · 15.08.2013, 20:40

Warum postest du ein Hijackthis-Log? Das wollte ich nicht haben, warum steht in meiner Signatur

Außerdem fehlt die Antwort auf meine Frage, ob Virenscanner fündig bei dir geworden sind.

Zitat:

Windows 7 Professional Service Pack 1

Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Ich sehe da auch Software von DATEV

Trestar · 15.08.2013, 20:58

Entschuldige bitte bezüglich des Hijack-Logs, das habe ich übersehen.

Bezüglich dem Viren-Scanner: McAfee findet bei mir keinerlei Bedrohungen und Viren

Der Rechner wird in der Tat auch von mir geschäftlich genutzt. Ich bin Einzelunternehmer ohne Angestellte. Ich bin sehr gerne bereit bei Lösung des Problems mich in Form einer Spende erkenntlich zu zeigen.

cosinus · 15.08.2013, 21:31

Zitat:

Der Rechner wird in der Tat auch von mir geschäftlich genutzt. Ich bin Einzelunternehmer ohne Angestellte. Ich bin sehr gerne bereit bei Lösung des Problems mich in Form einer Spende erkenntlich zu zeigen.

Bitte unsere Hinweise dazu lesen!

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Gelesen und verstanden? Besonders der farbig hervorgehobene Teil.

Trestar · 15.08.2013, 21:41

Ja, das habe ich gelesen und verstanden und werde die Log-Files vor dem Posten durchschauen. Eine IT-Support habe ich als Einzelunternehmer wie gesagt keinen, daher wäre ich sehr dankbar für eure Unterstützung.

cosinus · 15.08.2013, 21:46

Ich hab extra auf den farbig geposteten Text hingewiesen. Ist dir das egal?

Trestar · 15.08.2013, 22:07

Ich habe wie gesagt den farbigen Text gelesen und verstanden. Egal ist es mir deswegen jedoch nicht und ich werde die Logs daher vorher durchschauen, ob heikle Informationen enthalten sind.

Aber ich möchte euch nicht zwingen zu etwas...

cosinus · 15.08.2013, 22:23

Ok. Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Trestar · 15.08.2013, 23:09

Nun habe ich das Combofix-Tool ausgeführt.

Es kam zu Beginn die Meldung, dass folgende Probleme vorlägen:
antivirus: McAfee Virus Scan Enterprise
antispyware: McAfee VirusScan Antispyware Module

Ich hatte jedoch bei McAfee alles ausgeschaltet, was ich konnte und bin dann, wie in der Beschreibung geschrieben, trotzdem fortgefahren.

Hier ist nun das Log-File:

Code:

ATTFilter

ComboFix 13-08-15.02 - ggross 15.08.2013  23:37:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8127.5292 [GMT 2:00]
ausgeführt von:: c:\users\ggross\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ggross\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C0F1FF4-5B7D-466D-B2DC-605054E52AF0}.xps
c:\users\ggross\AppData\Roaming\Opore
c:\users\ggross\AppData\Roaming\Opore\evka.usu
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-15 bis 2013-08-15  ))))))))))))))))))))))))))))))
.
.
2013-08-15 21:43 . 2013-08-15 21:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-15 18:48 . 2013-08-15 18:48	--------	d-----w-	C:\FRST
2013-08-15 16:27 . 2013-08-15 16:27	--------	d-----w-	c:\program files\Enigma Software Group
2013-08-15 16:27 . 2013-08-15 18:01	--------	d-----w-	c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-15 16:27 . 2013-08-15 16:27	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-15 14:56 . 2013-08-15 15:15	--------	d-----w-	c:\program files (x86)\stinger
2013-08-15 14:34 . 2013-08-15 18:09	--------	d-----w-	C:\AdwCleaner
2013-08-15 14:06 . 2013-08-15 14:06	--------	d-----w-	c:\users\ggross\Qtrax
2013-08-15 14:02 . 2013-08-15 14:02	--------	d-----w-	c:\users\ggross\AppData\Local\Google
2013-08-15 13:59 . 2013-08-15 13:59	--------	d-----w-	c:\windows\system32\appmgmt
2013-08-15 10:04 . 2013-07-09 06:03	5550528	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-15 10:04 . 2013-07-09 05:03	3968960	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-15 10:04 . 2013-07-09 05:03	3913664	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-15 10:04 . 2013-07-09 05:54	1732032	----a-w-	c:\windows\system32\ntdll.dll
2013-08-15 10:04 . 2013-07-09 05:53	243712	----a-w-	c:\windows\system32\wow64.dll
2013-08-15 10:04 . 2013-07-09 04:53	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-08-15 10:04 . 2013-07-09 02:49	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-08-15 10:04 . 2013-07-09 04:52	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-08-15 10:04 . 2013-07-09 02:49	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-08-15 10:04 . 2013-07-09 02:49	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-08-15 10:04 . 2013-07-09 02:49	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-08-15 10:04 . 2013-07-06 06:03	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-15 10:04 . 2013-06-15 04:32	39936	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2013-08-07 19:01 . 2013-08-15 14:13	--------	d-----w-	c:\windows\system32\MRT
2013-07-30 07:15 . 2013-07-30 07:15	--------	d-----w-	c:\users\ggross\AppData\Roaming\DokOrg
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 20:08 . 2012-12-25 15:23	99352	----a-w-	c:\windows\system32\MfeOtlkAddin.dll
2013-08-15 20:08 . 2012-12-25 15:23	75656	----a-w-	c:\windows\SysWow64\MfeOtlkAddin.dll
2013-08-15 20:08 . 2010-03-25 18:07	23112	----a-w-	c:\windows\SysWow64\MFEOtlk.dll
2013-08-15 14:11 . 2011-04-23 16:40	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-08-15 13:41 . 2012-12-25 12:29	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-15 13:41 . 2011-09-14 06:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-15 10:04	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-06-19 20:48 . 2013-06-19 20:49	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 20:48 . 2012-06-14 11:57	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-19 20:48 . 2011-04-24 20:48	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-05 03:34 . 2013-07-10 12:35	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 12:36	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 12:36	509440	----a-w-	c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-05-19 2363392]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-15 98304]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2010-01-27 53248]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2007-08-31 36864]
"DATEV Update-Monitor"="d:\datev\PROGRAMM\Install\DvInesASDMon.exe" [2012-12-20 288352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-11-27 333416]
"SiPaHost"="d:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2013-01-18 551464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office Initialisierung.lnk - d:\datev\PROGRAMM\BSOffice\service\OfficeDiag.exe /EnsureUI [2013-4-15 42536]
CleanupPrintJobs.lnk - d:\datev\PROGRAMM\B0001401\CleanupPrintJobs.exe [2013-2-18 22624]
DATEV-Hinweis Mitteilungsdienst.lnk - d:\datev\PROGRAMM\A0000007\DHNC.exe [2009-5-27 45056]
DFÜ-Manager.lnk - d:\datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe [2012-7-27 358048]
Lizenz-Manager Server.lnk - d:\datev\PROGRAMM\Sws\LiMaServer.exe [2013-1-28 812128]
RZ-Druckertreiber V.2.3.lnk - d:\datev\SYSTEM\rzpjwtch.exe [2008-6-18 36448]
SkyUserDevmode-Update.lnk - d:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2013-2-18 22624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R3 Datev.Database.Conserve;DATEV Connection Service;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys;c:\windows\SYSNATIVE\drivers\KOBCCEX.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$DATEV_DBENGINE;SQL Server Agent (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DATEV Update-Service;DATEV Update-Service;d:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe;d:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [x]
S2 DATEV ViwasClientService;DATEV ViwasClientService;d:\datev\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe;d:\datev\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe [x]
S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S2 DatevPrintService;DATEV Druckservice;d:\datev\PROGRAMM\B0001442\PSNTSERV.EXE;d:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [x]
S2 Dcmanag;DATEV DFÜ-System Dienst;d:\datev\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe;d:\datev\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [x]
S2 DVckService;DVckService;d:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe;d:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [x]
S2 KOBIL_MSDI;KOBIL_MSDI;d:\datev\PROGRAMM\B0000404\msdisrv.exe;d:\datev\PROGRAMM\B0000404\msdisrv.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MSSQL$DATEV_DBENGINE;SQL Server (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [x]
S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys;c:\windows\SYSNATIVE\drivers\d3_kafm.sys [x]
S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;d:\datev\PROGRAMM\B0000398\SiPaHostService.exe;d:\datev\PROGRAMM\B0000398\SiPaHostService.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single;d:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys;c:\windows\SYSNATIVE\drivers\KOBCCID.sys [x]
S3 MSSQLFDLauncher$DATEV_DBENGINE;SQL Full-text Filter Daemon Launcher (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-19 01:54	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-25 13:41]
.
2013-08-15 c:\windows\Tasks\Ukhvpsygr.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8317472]
"HP LaserJet M2727 MFP Series Fax"="c:\program files (x86)\HP\hp LaserJet M2727\hppfaxprintersrv.exe" [2009-09-22 3700736]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Selyro - c:\users\ggross\AppData\Roaming\Vapae\olza.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{306DD894-F1FA-4548-89F2-43ABDEA45A12} - c:\program files (x86)\InstallShield Installation Information\{306DD894-F1FA-4548-89F2-43ABDEA45A12}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-15  23:47:05
ComboFix-quarantined-files.txt  2013-08-15 21:47
.
Vor Suchlauf: 16 Verzeichnis(se), 189.357.314.048 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 191.572.819.968 Bytes frei
.
- - End Of File - - 7AC790F3CA1B0E46F6F62DDB8C6F4B8D
D41D8CD98F00B204E9800998ECF8427E

cosinus · 15.08.2013, 23:26

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Trestar · 16.08.2013, 12:18

Anbei das Log-File des MBAR-Tools. Scheinbar hat es nichts gefunden. Erste Tests in Firefox haben gezeigt, dass es scheinbar keine Weiterleitungen mehr gibt. Wenn sich das bewahrheitet, wäre das ja toll! Allerdings kann das Windows-Sicherheitscenter noch immer nicht aktiviert werden.

mbar-log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
ggross :: BUERO [administrator]

16.08.2013 09:50:20
mbar-log-2013-08-16 (09-50-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 281413
Time elapsed: 25 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 16.08.2013, 13:35

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Trestar · 16.08.2013, 14:55

Hier sind die jeweiligen Log-Dateien. Die Aktivierung des Windows-Sicherheitsdienst funktioniert noch immer nicht. Ich habe beim Aufräumen meines Download Ordners noch alte Log-Files des ADW-Cleaners gefunden, welche noch von früheren Rettungsversuchen ohne dieses Forum stammen. Ich dachte ich hatte die schon gelöscht. Ich weiß nicht ob die weiterhelfen, wenn nicht dann bitte einfach ignorieren.

adwCleaner NEU

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 16/08/2013 um 14:44:00 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : ggross - BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ggross\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [724 octets] - [16/08/2013 14:44:00]

########## EOF - C:\AdwCleaner[S2].txt - [783 octets] ##########

adwCleaner ALT

Code:

ATTFilter

# AdwCleaner v3.000 - Report created15/08/2013at16:35:13
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ggross - BUERO
# Running from : C:\Users\ggross\Downloads\adwcleaner30.exe

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\DealPlyLive
Folder Deleted : C:\Users\ggross\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\ggross\AppData\Roaming\Babylon
Folder Deleted : C:\Users\ggross\AppData\Roaming\DealPly
Folder Deleted : C:\Users\ggross\AppData\Roaming\DSite
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C6DC4F8F-096E-4716-858B-EC39FFAED051}
Key Deleted : HKLM\SOFTWARE\Classes\CrystalEnterprise115.Inbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{16F56943-B9D1-4F37-AD47-3A4B7207ADE6}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Reset : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v22.0 (de)

File Deleted : C:\Users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default\user.js

[ File : C:\Users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "9651f3eb00000000000078acc0a638ea");
Line Deleted : user_pref("extensions.delta.instlDay", "15932");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.016:02:32");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4975");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[0].txt - [3678 octets] - [15/08/2013 16:35:13]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [3737 octets] ##########

adwCleaner ALT

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 15/08/2013 um 20:10:02 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : ggross - BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ggross\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1262 octets] - [15/08/2013 20:10:02]

########## EOF - C:\AdwCleaner[R1].txt - [1322 octets] ##########

adwCleaner ALT

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 15/08/2013 um 20:10:24 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : ggross - BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ggross\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1387 octets] - [15/08/2013 20:10:02]
AdwCleaner[S1].txt - [1324 octets] - [15/08/2013 20:10:24]

########## EOF - C:\AdwCleaner[S1].txt - [1384 octets] ##########

JRT Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Professional x64
Ran by ggross on 16.08.2013 at 15:02:56,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\ggross\Qtrax"



~~~ FireFox

Successfully deleted: [File] C:\Users\ggross\AppData\Roaming\mozilla\firefox\profiles\tb01pwn2.default\invalidprefs.js
Emptied folder: C:\Users\ggross\AppData\Roaming\mozilla\firefox\profiles\tb01pwn2.default\minidumps [86 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Frisches Log mit FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01
Ran by ggross (administrator) on 16-08-2013 15:13:05
Running from C:\Users\ggross\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DATEV eG) D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
(DATEV eG) D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(KOBIL Systems GmbH) D:\DATEV\PROGRAMM\B0000404\msdisrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(DATEV eG) D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.UserSession.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m2727\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
() C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(DATEV eG) D:\Datev\PROGRAMM\Install\DvInesASDMon.Exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
() D:\Datev\PROGRAMM\A0000007\DHNC.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe
(DATEV eG) D:\Datev\PROGRAMM\B0000398\SiPaHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(DATEV eG) D:\Datev\PROGRAMM\Sws\LiMaServer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(DATEV eG) D:\DATEV\SYSTEM\rzpjwtch.exe
(DATEV eG) D:\DATEV\PROGRAMM\DFUEISDN\sslclt\sslclt.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
(DATEV eG) D:\DATEV\PROGRAMM\SWS\LiMaService.exe
(DATEVeG) D:\DATEV\PROGRAMM\B0000299\as\as.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [HP LaserJet M2727 MFP Series Fax] - C:\Program Files (x86)\HP\hp LaserJet M2727\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-01-27] (HP)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2007-08-31] ()
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\Datev\PROGRAMM\Install\DvInesASDMon.exe [288352 2012-12-20] (DATEV eG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [SiPaHost] - D:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [551464 2013-01-18] (DATEV eG)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> D:\Datev\PROGRAMM\BSOffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> D:\Datev\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DATEV-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: DATEV-Hinweis Mitteilungsdienst.lnk -> D:\Datev\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DFÜ-Manager.lnk
ShortcutTarget: DFÜ-Manager.lnk -> D:\Datev\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lizenz-Manager Server.lnk
ShortcutTarget: Lizenz-Manager Server.lnk -> D:\Datev\PROGRAMM\Sws\LiMaServer.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> D:\DATEV\SYSTEM\rzpjwtch.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> D:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130815235732.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll (DATEV eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - D:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130815235732.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - D:\DATEV\SYSTEM\DVCCSAScardBHO002.dll (DATEV eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ggross\AppData\Roaming\Mozilla\Firefox\Profiles\tb01pwn2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @datev.de/DATEV_BestellManager,version=1.7 - D:\DATEV\PROGRAMM\A0000015\npdvbm.dll ( DATEV eG)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [158304 2012-12-20] (DATEV eG)
R2 DATEV ViwasClientService; D:\DATEV\PROGRAMM\VIWAS\Datev.Viwas.ClientService.exe [69216 2013-02-05] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2013-04-08] (DATEV eG)
R2 Dcmanag; D:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [177760 2012-06-05] (DATEV eG)
R2 DVckService; D:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [2653224 2013-01-28] (DATEV eG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
R2 KOBIL_MSDI; D:\DATEV\PROGRAMM\B0000404\msdisrv.exe [192512 2011-03-03] (KOBIL Systems GmbH)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [202376 2012-09-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-09-25] (McAfee, Inc.)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.)
R2 Sicherheitspaket-Dienst; D:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-01-18] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2011-04-23] (KOBIL Systems GmbH)
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-12-25] (KOBIL Systems GmbH)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-09-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-09-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-09-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2012-09-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305280 2012-09-25] (McAfee, Inc.)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U0 dmboot; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-16 15:07 - 2013-08-16 15:07 - 00001190 _____ C:\Users\ggross\Desktop\JRT.txt
2013-08-16 15:02 - 2013-08-16 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-16 15:01 - 2013-08-16 15:01 - 01159319 _____ (Thisisu) C:\Users\ggross\Desktop\JRT.exe
2013-08-16 14:55 - 2013-08-16 14:55 - 00000851 _____ C:\Users\ggross\Desktop\AdwCleaner[S2].txt
2013-08-16 14:44 - 2013-08-16 14:44 - 00000851 _____ C:\AdwCleaner[S2].txt
2013-08-16 14:41 - 2013-08-16 14:41 - 00666633 _____ C:\Users\ggross\Desktop\adwcleaner.exe
2013-08-16 12:48 - 2013-08-16 12:48 - 00001164 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-08-16 12:46 - 2013-08-16 12:46 - 05536272 _____ (TeamViewer GmbH) C:\Users\ggross\Downloads\TeamViewer_Setup_de.exe
2013-08-16 09:50 - 2013-08-16 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-16 09:48 - 2013-08-16 12:13 - 00000000 ____D C:\Users\ggross\Desktop\mbar
2013-08-16 09:48 - 2013-08-16 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 09:47 - 2013-08-16 09:47 - 12081912 _____ (Malwarebytes Corp.) C:\Users\ggross\Desktop\mbar-1.06.1.1005.exe
2013-08-15 23:47 - 2013-08-15 23:47 - 00022557 _____ C:\Users\ggross\Desktop\ComboFix.txt
2013-08-15 23:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-15 23:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-15 23:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-15 23:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-15 23:29 - 2013-08-15 23:47 - 00000000 ____D C:\Qoobox
2013-08-15 23:29 - 2013-08-15 23:44 - 00000000 ____D C:\Windows\erdnt
2013-08-15 23:25 - 2013-08-15 23:26 - 05104599 ____R (Swearware) C:\Users\ggross\Desktop\ComboFix.exe
2013-08-15 20:56 - 2013-08-15 20:56 - 00021937 _____ C:\Users\ggross\Desktop\Addition.txt
2013-08-15 20:48 - 2013-08-15 20:48 - 00000000 ____D C:\FRST
2013-08-15 20:10 - 2013-08-15 20:10 - 00001449 _____ C:\Users\ggross\Desktop\AdwCleaner[S1].txt
2013-08-15 20:10 - 2013-08-15 20:10 - 00001387 _____ C:\Users\ggross\Desktop\AdwCleaner[R1].txt
2013-08-15 19:38 - 2013-08-15 19:38 - 00003134 _____ C:\Windows\System32\Tasks\{493B5B7B-1FB3-4CE1-B1A1-4D0CE1106EE5}
2013-08-15 18:27 - 2013-08-15 20:01 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 _____ C:\autoexec.bat
2013-08-15 17:28 - 2013-08-15 17:28 - 00000000 ____D C:\Windows\pss
2013-08-15 17:15 - 2013-08-15 17:15 - 00000116 ___RH C:\Users\ggross\Downloads\Stinger.opt
2013-08-15 16:56 - 2013-08-15 17:15 - 00000000 ____D C:\Program Files (x86)\stinger
2013-08-15 16:34 - 2013-08-15 20:09 - 00000000 ____D C:\Users\ggross\Desktop\AdwCleaner
2013-08-15 16:16 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:16 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:16 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 16:16 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:16 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 16:16 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:16 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:16 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 16:16 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:16 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:16 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 16:16 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:16 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 16:16 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 16:02 - 2013-08-15 16:02 - 00003798 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-08-15 16:02 - 2013-08-15 16:02 - 00000000 ____D C:\Users\ggross\AppData\Local\Google
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-15 15:53 - 2013-08-15 15:53 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-15 15:52 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 12:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 12:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 12:05 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 12:05 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 12:05 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 12:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 12:05 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 12:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 12:05 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 12:05 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 12:04 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 12:04 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 12:04 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 12:04 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 12:04 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 12:04 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 12:04 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 12:04 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 12:04 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 12:04 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 12:04 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 12:04 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 12:04 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 21:01 - 2013-08-15 16:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\Users\ggross\AppData\Roaming\DokOrg
2013-07-23 18:13 - 2013-07-23 18:13 - 00638360 _____ C:\Windows\Minidump\072313-26754-01.dmp
2013-07-23 17:06 - 2013-07-23 18:13 - 665346230 _____ C:\Windows\MEMORY.DMP
2013-07-23 17:06 - 2013-07-23 18:13 - 00000000 ____D C:\Windows\Minidump
2013-07-23 17:06 - 2013-07-23 17:06 - 00835392 _____ C:\Windows\Minidump\072313-30014-01.dmp

==================== One Month Modified Files and Folders =======

2013-08-16 15:12 - 2013-08-16 15:12 - 01575798 _____ (Farbar) C:\Users\ggross\Desktop\FRST64.exe
2013-08-16 15:07 - 2013-08-16 15:07 - 00001190 _____ C:\Users\ggross\Desktop\JRT.txt
2013-08-16 15:05 - 2013-05-08 09:45 - 00000302 _____ C:\Windows\Tasks\Ukhvpsygr.job
2013-08-16 15:05 - 2011-04-23 17:51 - 00000000 ____D C:\Users\ggross
2013-08-16 15:02 - 2013-08-16 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-16 15:01 - 2013-08-16 15:01 - 01159319 _____ (Thisisu) C:\Users\ggross\Desktop\JRT.exe
2013-08-16 14:55 - 2013-08-16 14:55 - 00000851 _____ C:\Users\ggross\Desktop\AdwCleaner[S2].txt
2013-08-16 14:55 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 14:55 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 14:53 - 2011-04-23 17:52 - 00139256 _____ C:\Users\ggross\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-16 14:52 - 2012-12-25 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-16 14:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-16 14:47 - 2009-07-14 06:51 - 00063222 _____ C:\Windows\setupact.log
2013-08-16 14:46 - 2011-04-22 21:30 - 00104194 _____ C:\Windows\PFRO.log
2013-08-16 14:46 - 2009-07-14 06:45 - 00519080 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-16 14:45 - 2011-03-09 08:59 - 01447074 _____ C:\Windows\WindowsUpdate.log
2013-08-16 14:44 - 2013-08-16 14:44 - 00000851 _____ C:\AdwCleaner[S2].txt
2013-08-16 14:41 - 2013-08-16 14:41 - 00666633 _____ C:\Users\ggross\Desktop\adwcleaner.exe
2013-08-16 12:48 - 2013-08-16 12:48 - 00001164 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-08-16 12:48 - 2011-04-24 22:30 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-08-16 12:46 - 2013-08-16 12:46 - 05536272 _____ (TeamViewer GmbH) C:\Users\ggross\Downloads\TeamViewer_Setup_de.exe
2013-08-16 12:35 - 2011-04-24 23:41 - 00000000 ____D D:\Eigene Dokumente\Outlook-Dateien
2013-08-16 12:34 - 2011-12-24 12:20 - 00000000 ____D C:\Users\ggross\AppData\Local\484B0A56-7803-4F13-A847-82265F7F70F3.aplzod
2013-08-16 12:13 - 2013-08-16 09:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-16 12:13 - 2013-08-16 09:48 - 00000000 ____D C:\Users\ggross\Desktop\mbar
2013-08-16 09:48 - 2013-08-16 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 09:47 - 2013-08-16 09:47 - 12081912 _____ (Malwarebytes Corp.) C:\Users\ggross\Desktop\mbar-1.06.1.1005.exe
2013-08-15 23:57 - 2013-06-26 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 23:57 - 2012-12-25 17:23 - 00099352 _____ (McAfee, Inc.) C:\Windows\system32\MfeOtlkAddin.dll
2013-08-15 23:56 - 2012-12-25 17:23 - 00075656 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2013-08-15 23:56 - 2010-03-25 20:07 - 00023112 _____ (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2013-08-15 23:47 - 2013-08-15 23:47 - 00022557 _____ C:\Users\ggross\Desktop\ComboFix.txt
2013-08-15 23:47 - 2013-08-15 23:29 - 00000000 ____D C:\Qoobox
2013-08-15 23:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-15 23:44 - 2013-08-15 23:29 - 00000000 ____D C:\Windows\erdnt
2013-08-15 23:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-15 23:26 - 2013-08-15 23:25 - 05104599 ____R (Swearware) C:\Users\ggross\Desktop\ComboFix.exe
2013-08-15 22:35 - 2011-03-09 09:41 - 00763020 _____ C:\Windows\system32\perfh007.dat
2013-08-15 22:35 - 2011-03-09 09:41 - 00173726 _____ C:\Windows\system32\perfc007.dat
2013-08-15 22:35 - 2009-07-14 07:13 - 01800794 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 20:56 - 2013-08-15 20:56 - 00021937 _____ C:\Users\ggross\Desktop\Addition.txt
2013-08-15 20:48 - 2013-08-15 20:48 - 00000000 ____D C:\FRST
2013-08-15 20:10 - 2013-08-15 20:10 - 00001449 _____ C:\Users\ggross\Desktop\AdwCleaner[S1].txt
2013-08-15 20:10 - 2013-08-15 20:10 - 00001387 _____ C:\Users\ggross\Desktop\AdwCleaner[R1].txt
2013-08-15 20:09 - 2013-08-15 16:34 - 00000000 ____D C:\Users\ggross\Desktop\AdwCleaner
2013-08-15 20:01 - 2013-08-15 18:27 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-15 19:38 - 2013-08-15 19:38 - 00003134 _____ C:\Windows\System32\Tasks\{493B5B7B-1FB3-4CE1-B1A1-4D0CE1106EE5}
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-15 18:27 - 2013-08-15 18:27 - 00000000 _____ C:\autoexec.bat
2013-08-15 17:28 - 2013-08-15 17:28 - 00000000 ____D C:\Windows\pss
2013-08-15 17:15 - 2013-08-15 17:15 - 00000116 ___RH C:\Users\ggross\Downloads\Stinger.opt
2013-08-15 17:15 - 2013-08-15 16:56 - 00000000 ____D C:\Program Files (x86)\stinger
2013-08-15 16:31 - 2012-09-07 12:22 - 00000000 ____D C:\Quarantäne
2013-08-15 16:13 - 2013-08-07 21:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:11 - 2011-04-23 18:40 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 16:02 - 2013-08-15 16:02 - 00003798 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-08-15 16:02 - 2013-08-15 16:02 - 00000000 ____D C:\Users\ggross\AppData\Local\Google
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-15 15:54 - 2011-04-23 18:59 - 00000000 ____D C:\Users\ggross\AppData\Local\Adobe
2013-08-15 15:53 - 2013-08-15 15:53 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-15 15:52 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 15:52 - 2011-04-22 14:04 - 00000000 ____D C:\ProgramData\Adobe
2013-08-15 15:41 - 2012-12-25 14:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 15:41 - 2012-12-25 14:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-15 15:41 - 2011-09-14 08:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-13 10:43 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Buchhaltung
2013-08-13 10:14 - 2011-04-26 14:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-12 11:33 - 2011-04-25 14:49 - 00005821 _____ C:\Users\ggross\AppData\Local\EmptySettings.xml
2013-08-12 09:43 - 2012-01-30 20:40 - 00000000 ____D C:\Users\ggross\AppData\Roaming\HpUpdate
2013-08-11 14:40 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Elster
2013-08-11 10:15 - 2011-03-09 08:59 - 00000000 ____D C:\ProgramData\PDFC
2013-08-09 13:23 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Einsprüche
2013-08-09 03:03 - 2011-04-22 13:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-09 03:03 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2013-08-08 12:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-07 21:01 - 2011-04-23 19:32 - 01777752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-02 14:12 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Briefe Allgemein
2013-07-30 09:15 - 2013-07-30 09:15 - 00000000 ____D C:\Users\ggross\AppData\Roaming\DokOrg
2013-07-30 09:15 - 2011-04-23 19:19 - 00000021 _____ C:\Windows\DvInesKurusOleServer003.INI
2013-07-30 09:10 - 2011-04-23 20:44 - 00000151 _____ C:\Windows\ODBC.INI
2013-07-30 09:09 - 2011-04-23 21:35 - 00000000 ____D C:\Users\ggross\AppData\Local\DATEV
2013-07-30 09:06 - 2011-04-28 12:18 - 00000093 _____ C:\Users\ggross\AppData\Roaming\BEVI.CFG
2013-07-29 07:48 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-28 13:22 - 2011-04-24 09:39 - 00000000 ____D D:\Eigene Dokumente\Briefe FA
2013-07-26 07:13 - 2013-08-15 16:16 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 16:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 16:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 16:16 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 16:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 16:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 16:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 16:16 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 16:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 16:16 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 16:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 16:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 16:16 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 16:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-15 12:05 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 12:05 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-23 18:13 - 2013-07-23 18:13 - 00638360 _____ C:\Windows\Minidump\072313-26754-01.dmp
2013-07-23 18:13 - 2013-07-23 17:06 - 665346230 _____ C:\Windows\MEMORY.DMP
2013-07-23 18:13 - 2013-07-23 17:06 - 00000000 ____D C:\Windows\Minidump
2013-07-23 17:06 - 2013-07-23 17:06 - 00835392 _____ C:\Windows\Minidump\072313-30014-01.dmp
2013-07-19 03:58 - 2013-08-15 12:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-15 12:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 10:11

==================== End Of Log ============================

--- --- ---

15.08.2013, 21:46	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7: Browser leitet ungewollt auf Werbung weiter Ich hab extra auf den farbig geposteten Text hingewiesen. Ist dir das egal? __________________ Logfiles bitte immer in CODE-Tags posten

Windows 7: Browser leitet ungewollt auf Werbung weiter

Plagegeister aller Art und deren Bekämpfung: Windows 7: Browser leitet ungewollt auf Werbung weiter