Win7 - WinPatrol meldet: "systray .exe stub"

Holzpferd · 23.08.2013, 17:29

Hallo,

seit vorgestern meldet sich mein WinPatrol ständig mit dem New Program Alert "Systray .exe stub". Als Pfad steht da C:\Windows\System32\systray.exe und als weitere Angabe "Microsoft Corporation". Das sieht ja zum Teil ganz normal aus. Aber wenn ich nach "Systray .exe stub" google, erhalte ich sehr viele Hinweise auf einen Keylogger.

Ich habe natürlich die WinPatrol-Abfrage immer mit "No" beantwortet mit der Folge, dass ich das alle paar Sekunden wiederholen muss. Die dann erscheinende WinPatrol-Hilfe-Website, wonach man mehrere verdächtige Anwendungen, Prozesse, Tasks oder Dateien gleichzeitig schließen sollte, bringt mir nichts, da ich keine verdächtigen Anwendungen oder Tasks erkennen kann und die Anzahl anderer zu untersuchender Elemente viel zu groß für mich ist, um sie alle eingehend zu untersuchen. Deshalb hoffe ich sehr auf die Hilfe hier.

Was ich bisher getan habe ist, komplette Suchläufe mit Malwarebytes und MSE (beide natürlich aktualisiert) durchzuführen - ohne Fund - und Zemana AntiLogger zu istallieren für den Fall, dass ich doch noch die WinPatrol-Abfrage versehentlich mit "Yes" beantworte, bevor mir hier jemand aus dem Problem herausgeholfen hat. Für diese Hilfe schon jetzt vielen Dank.

schrauber · 23.08.2013, 17:55

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Holzpferd · 24.08.2013, 01:18

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013 01
Ran by siegmar (administrator) on 24-08-2013 02:08:22
Running from C:\Users\siegmar\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun32.bin
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(Nenad Hrg (SoftwareOK.com)) O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe
(ITSamples.com) C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Code Sector Inc.) C:\Program Files (x86)\Direct Folders\df.exe
(Code Sector Inc.) C:\Program Files (x86)\Direct Folders\df64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(FinePrint Software, LLC) C:\Windows\system32\spool\DRIVERS\x64\3\fpphelp4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] - C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [2423168 2012-05-29] (Crystal Rich Ltd)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DirectFolders] - C:\Program Files (x86)\Direct Folders\df.exe [272896 2010-06-03] (Code Sector Inc.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [systray] - C:\Windows\System32\systray.exe [9216 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [ZALFree] - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12999472 2013-07-22] (Zemana Ltd.)
HKU\Anfangsnutzer\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKU\Anfangsnutzer\...\Run: [everything] - C:\PROGRAM FILES (X86)\EVERYTHING\EVERYTHING.EXE [602624 2009-03-13] ()
HKU\Anfangsnutzer\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5629720 2013-01-23] (Piriform Ltd)
HKU\silvia\...\Run: [AutoSizer] - "C:\Program Files (x86)\AutoSizer\AutoSizer.exe" [x]
HKU\silvia\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup [x]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL [89936 2013-07-22] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL [82696 2013-07-22] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:12080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM-x32 - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {A6F65281-CAAB-40E8-A91C-4AA8699DA8E3} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Agent Ransack Keyboard Hook - {B23EDAE2-2A36-4c87-AEFD-B6801B6C6584} - C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll (Mythicsoft Ltd)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: No Name - {53707962-6F74-2D53-2644-206D7942484F} -  No File
BHO-x32: Spesoft Toolbar - {94817c02-feac-4aa8-99d8-1cb47bf4d4c0} -  No File
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0} -  No File
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - SuRunExt.dll No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Path=Profiles\e975fjdq.test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=8 - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 Super User Run (SuRun) Service; C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1473920 2012-05-29] (Crystal Rich Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-22] (Zemana Ltd.)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
U2 Messenger; 
S3 PORTMON; \??\R:\6   MH\Installation\SysinternalsSuite_0502\PORTMSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 19:56 - 2013-08-23 19:56 - 01576584 ____C (Farbar) C:\Users\siegmar\Desktop\FRST64.exe
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 19:02 - 2013-07-22 18:10 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:15 - 2013-08-21 18:14 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 11:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-16 11:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-16 11:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-16 11:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-16 11:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-16 11:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 11:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 11:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 11:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 11:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 11:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 11:13 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 11:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 11:13 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 11:13 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 11:13 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 11:12 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-04 14:36 - 2013-08-21 12:19 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:34 - 2013-08-04 14:35 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:38 - 2013-08-03 01:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 00:17 - 2013-08-12 09:59 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-01 23:28 - 2013-08-01 23:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-07-31 14:33 - 2013-08-01 23:37 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-07-29 10:19 - 2013-07-29 10:32 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files
2013-07-25 19:14 - 2013-07-25 19:14 - 00077505 ____C C:\Users\siegmar\Downloads\bannersnack-ad-336x280.zip
2013-07-25 19:14 - 2013-07-25 19:14 - 00000000 ____D C:\Users\siegmar\Downloads\bannersnack-ad-336x280
2013-07-25 19:13 - 2013-07-25 19:13 - 00116856 ____C C:\Users\siegmar\Downloads\car-speakers-590x90.zip

==================== One Month Modified Files and Folders =======

2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-24 01:59 - 2012-12-06 03:50 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-08-23 19:56 - 2013-08-23 19:56 - 01576584 ____C (Farbar) C:\Users\siegmar\Desktop\FRST64.exe
2013-08-23 18:16 - 2010-04-21 11:42 - 00000000 ___DC C:\Users\siegmar\Desktop\_deskcut
2013-08-23 18:06 - 2009-07-14 19:58 - 00855588 _____ C:\Windows\system32\perfh007.dat
2013-08-23 18:06 - 2009-07-14 19:58 - 00205000 _____ C:\Windows\system32\perfc007.dat
2013-08-23 18:06 - 2009-07-14 07:13 - 01984690 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 16:01 - 2010-04-11 13:39 - 01115521 _____ C:\Windows\WindowsUpdate.log
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-23 10:17 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 10:17 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 10:11 - 2011-07-22 18:21 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\USBSafelyRemove
2013-08-23 10:10 - 2012-12-03 11:54 - 00018221 _____ C:\Windows\setupact.log
2013-08-23 10:10 - 2010-11-05 19:06 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-23 10:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 17:42 - 2012-08-11 02:35 - 00000782 _____ C:\Windows\regscanner.cfg
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ___DC C:\Program Files\Microsoft Windows Performance Toolkit
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
2013-08-22 17:04 - 2010-08-24 00:56 - 00013948 ____C C:\Users\siegmar\Desktop\DesktopOK.ini
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-22 16:42 - 2011-07-24 19:03 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\USBSafelyRemove
2013-08-22 16:39 - 2013-02-17 17:11 - 00000000 ___DC C:\Users\Anfangsnutzer\__aktuelle Probleme
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:14 - 2013-08-21 18:15 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-21 14:20 - 2010-08-17 11:37 - 00427394 _____ C:\Windows\PFRO.log
2013-08-21 12:19 - 2013-08-04 14:36 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 11:27 - 2013-02-21 17:55 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\PDF-Dateien
2013-08-21 11:05 - 2013-02-04 14:42 - 00000000 ____D C:\Users\siegmar\Documents\Reg-Datei-Exporte
2013-08-21 10:54 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-08-21 10:54 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-21 10:45 - 2011-01-08 18:50 - 00000000 ____D C:\Windows\pss
2013-08-21 10:08 - 2010-01-01 02:33 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 17:53 - 2012-12-05 17:55 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 11:16 - 2013-07-11 01:40 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 11:14 - 2010-04-12 18:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 00:53 - 2012-05-23 15:08 - 00000000 ___DC C:\ProgramData\SecTaskMan
2013-08-13 15:21 - 2013-03-21 20:54 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Neuer Ordner (4)
2013-08-12 17:25 - 2013-05-15 12:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-08-12 09:59 - 2013-08-02 00:17 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-09 17:24 - 2010-04-16 19:40 - 00000000 ___DC C:\Program Files\Classic Shell
2013-08-09 15:50 - 2011-07-25 01:52 - 00000000 ____D C:\Users\silvia\AppData\Roaming\USBSafelyRemove
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:43 - 2012-07-05 07:51 - 00000000 ___DC C:\Users\siegmar\__Aktuelle Probleme
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-07 19:10 - 2010-04-12 17:52 - 08126464 _____ C:\Users\Anfangsnutzer\ntuser.bak
2013-08-07 19:10 - 2010-04-12 17:52 - 00000000 ___DC C:\Users\Anfangsnutzer
2013-08-07 19:10 - 2009-07-14 04:34 - 80216064 _____ C:\Windows\system32\config\software.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 28573696 _____ C:\Windows\system32\config\system.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 04718592 _____ C:\Windows\system32\config\default.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00131072 _____ C:\Windows\system32\config\sam.bak
2013-08-07 10:39 - 2011-04-11 16:26 - 00000000 ___DC C:\ProgramData\AAV
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:35 - 2013-08-04 14:34 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-04 14:29 - 2010-10-07 16:36 - 00000000 __RDC C:\Users\siegmar\Desktop\_Aktuell
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:39 - 2013-08-03 01:38 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:39 - 2012-05-22 15:30 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 01:39 - 2010-07-29 17:42 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 23:06 - 2010-06-23 01:28 - 00000000 ___DC C:\Users\Administrator
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 09:01 - 2010-04-13 07:07 - 00192648 ____C C:\Users\Anfangsnutzer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 23:39 - 2011-02-05 15:01 - 00000000 __RDC C:\Users\Anfangsnutzer\.smplayer
2013-08-01 23:37 - 2013-07-31 14:33 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-08-01 23:32 - 2013-08-01 23:28 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-08-01 08:50 - 2010-04-20 10:49 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\ATViewer
2013-08-01 01:07 - 2011-09-08 13:15 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\ConduitEngine
2013-08-01 01:07 - 2010-11-06 11:21 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Conduit
2013-08-01 01:07 - 2010-09-14 17:49 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Google
2013-07-31 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-31 06:57 - 2012-11-01 16:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 01:19 - 2012-11-01 16:17 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-30 01:19 - 2012-04-11 16:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 01:19 - 2011-06-23 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-30 01:19 - 2010-06-02 12:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Adobe
2013-07-29 10:32 - 2013-07-29 10:19 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files
2013-07-28 02:25 - 2010-08-10 10:22 - 00000000 ____D C:\Users\siegmar\dwhelper
2013-07-28 01:29 - 2011-01-26 12:42 - 00000000 ___DC C:\Users\siegmar\.smplayer
2013-07-26 07:13 - 2013-08-16 11:18 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-16 11:18 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-16 11:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-16 11:18 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-16 11:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-16 11:18 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-16 11:18 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-16 11:18 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-16 11:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-16 11:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-16 11:18 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-16 11:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 19:14 - 2013-07-25 19:14 - 00077505 ____C C:\Users\siegmar\Downloads\bannersnack-ad-336x280.zip
2013-07-25 19:14 - 2013-07-25 19:14 - 00000000 ____D C:\Users\siegmar\Downloads\bannersnack-ad-336x280
2013-07-25 19:13 - 2013-07-25 19:13 - 00116856 ____C C:\Users\siegmar\Downloads\car-speakers-590x90.zip
2013-07-25 11:25 - 2013-08-16 11:13 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-16 11:13 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-25 10:13 - 2013-03-15 17:59 - 00002011 ____C C:\Users\siegmar\Desktop\FSS.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 18:37

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2013 01
Ran by siegmar at 2013-08-24 02:08:49
Running from C:\Users\siegmar\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
1&1 EasyLogin (x32)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
AAVUpdateManager (x32 Version: 18.00.0000)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
AllDup 3.0.2 (x32 Version: 3.0.2)
Amazon MP3-Downloader 1.0.9 (x32)
AntiLogger Free version 1.6.2.245 (x32 Version: 1.6.2.245)
Apple Application Support (x32 Version: 1.4.1)
Apple Software Update (x32 Version: 2.1.1.116)
ArcSoft PhotoStudio 5.5 (x32)
Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6)
Ask Toolbar Updater (HKCU Version: 1.2.0.20007)
Audacity 2.0 (x32)
AVM FRITZ!Box Dokumentation (x32)
AVM FRITZ!Box Druckeranschluss (x32)
Beyond Compare 3.3.8 (x32 Version: 3.3.8.16340)
Canon CanoScan Toolbox 5.0 (x32)
CanoScan 8600F
CCleaner (Version: 3.27)
CDCheck (x32)
Classic Shell (Version: 3.6.8)
CodeStuff Starter (x32 Version: 5.6.2.9)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
ConvertHelper 2.2 (x32)
CPUID CPU-Z 1.53.1
Data Lifeguard Diagnostic for Windows 1.24 (x32)
DBJ Bundesausgabe (x32 Version: Ausgabe 2011.3)
Deutsch - Custom (Version: 1.0.3.40)
Device Doctor v2.1 (x32 Version: 2.1)
DFÜ-Optimierer 1.40 (x32)
DiamondCS Port Explorer v2.200 (x32)
Dir-It! (x32 Version: 4.00.0000)
dm-Fotowelt (x32)
DPA SHA 1.99 (x32 Version: 1.99)
Driver Genius Professional Edition (x32 Version: 11.0)
eReg (x32 Version: 1.20.138.34)
ERUNT 1.1j (x32)
Everything 1.2.1.371 (x32)
Exact Audio Copy 1.0beta1 (x32 Version: 1.0beta1)
Explorer Toolbar Editor (x32 Version: 1.0)
Folder Marker v 1.4 (x32 Version: 1.4)
FontTwister 1.4 (x32 Version: 1.4)
Free Launch Bar 64-bit Edition (Version: 2.0.0.0)
Gigabyte Raid Cinfigurer (x32 Version: 1.00.0001)
GIMP 2.8.2 (Version: 2.8.2)
HostsMan 3.2.73 (x32 Version: 3.2.73)
IconForever! Premium 6.00 (x32 Version: 6.00)
Image Analyzer (x32)
Intel(R) Control Center (x32 Version: 1.2.0.1006)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.1995)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Joe (x32 Version: 3.05.0100)
jv16 PowerTools 2009 (x32)
Kits Configuration Installer (x32 Version: 8.59.25584)
KompoZer 0.8b3 (x32)
LockHunter version 1.0 beta 3, 64 bit edition
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
MediaInfo 0.7.43 (Version: 0.7.43)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Keyboard Layout Creator 1.4 (x32 Version: 1.4.6000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft OpenType Font File Properties Extension (x32 Version: 2.30.0000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Windows Performance Toolkit (Version: 4.6.0)
MKN MemoryMonitor 2.0 (x32 Version: MKN MemoryMonitor)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0)
Network Activity Indicator for Windows 7 (x32 Version: 1.6)
No23 Recorder (x32 Version: 2.1.0.3)
nt Ransack 2010 (64-bit)
One Click Wipe 2 (x32)
pdfFactory Pro (Version: 4.64)
PDF-Viewer (Version: 2.5.208.0)
QuickTime Alternative 1.81 (x32 Version: 1.81)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5998)
Registry System Wizard.NET (Version: 0.10.326.9)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0)
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9)
ScanSoft OmniPage SE 4.0 (x32 Version: 15.00.0020)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Security Task Manager 1.8d (x32 Version: 1.8d)
SmartTools Publishing · Tuning-Assistent für Word (x32)
SmartTools Publishing • Word Format & Konvertierungs-Assistent (x32 Version: v3.00)
SpeedFan (remove only) (x32)
Spesoft Audio Converter 2.30 (x32)
Spesoft Toolbar (x32 Version: 6.3.2.17)
Steuer-Spar-Erklärung 2011 (x32 Version: 16.10)
Steuer-Spar-Erklärung 2012 (x32 Version: 17.11)
Steuer-Spar-Erklärung 2013 (x32 Version: 18.09)
Super User Run (SuRun) (Version: 1.2.1.0)
SymMover (x32)
System Requirements Lab for Intel (x32 Version: 4.5.9.0)
TapTap Hotkey Extender 1.03.01 (x32)
Task Catcher (x32 Version: 1.4)
Taskbar Helper 2.1 (x32)
TBIView 4.23 - TBIMount 1.05 (x32)
TextMaker Viewer (x32)
TreeSize Personal V5.5 (x32 Version: 5.5)
Unknown Device Identifier 8.00
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
URL Snooper v2.28.01 (x32)
USB Safely Remove 5.1 (x32)
VCRedistSetup (x32 Version: 1.0.0)
VideoReDo Plus Version 3.10.3.616 (x32)
WavePad Audiobearbeitungs-Software (x32)
WinAttrib (x32 Version: 3)
Windows Installer Clean Up (x32 Version: 3.00.00.0000)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Software Development Kit (x32 Version: 8.59.29750)
Windows Software Development Kit EULA (x32 Version: 8.59.25584)
Windows XP Mode (Version: 1.3.7600.16422)
WinPatrol (Version: 26.1.2013.0)
WPT Redistributables (x32 Version: 8.59.29750)
WPTx64 (x32 Version: 8.59.29722)
XMedia Recode Version 3.1.6.9 (x32 Version: 3.1.6.9)
xp-AntiSpy 3.98-2 (x32)
XQDC X-Setup Pro 9.2.100 (x32 Version: 9.2.100)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-12-30 04:14 - 05739548 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net m.fr.a2dfp.net ad.a8.net asy.a8ww.net abcstats.com a.abv.bg adserver.abv.bg adv.abv.bg bimg.abv.bg
127.0.0.1 ca.abv.bg www2.a-counter.kiev.ua track.acclaimnetwork.com accuserveadsystem.com www.accuserveadsystem.com achmedia.com aconti.net secure.aconti.net www.aconti.net
127.0.0.1 am1.activemeter.com www.activemeter.com ads.activepower.net stat.active24stats.nl cms.ad2click.nl ad2games.com ads.ad2games.com content.ad20.net core.ad20.net
127.0.0.1 banner.ad.nu cl21.v4.adaction.se adadvisor.net tag1.adaptiveads.com www.adbanner.ro wad.adbasket.net ad.pop1.adbn.ru ad.top1.adbn.ru ad.rich1.adbn.ru
127.0.0.1 james.adbutler.de www.adbutler.de www.adchimp.com show.adclick.lv www.adclick.lv ad-clix.com www.ad-clix.com servedby.adcombination.com adcomplete.com
127.0.0.1 www.adcomplete.com static.uk.addynamo.com www.adeos.eu pt.server1.adexit.com www.adexit.com 222-33544_999.pub.adfirmative.com c.adfirmative.com www.adfirmative.com track.adform.net
127.0.0.1 ads.adfox.ru gazeta.adfox.ru media.adfrontiers.com www.adgitize.com adsrv.adgroupm.com www.ad-groups.com adhitzads.com ssl3.adhost.com www2.adhost.com
127.0.0.1 mztag.ad-indicator.com adfarm1.adition.com imagesrv.adition.com ad.adition.net hosting.adjug.com tracking.adjug.com aj.adjungle.com adsearch.adkontekst.pl www.adlantis.jp
127.0.0.1 publicidad.adlead.com www.adlimg03.com regio.adlink.de west.adlink.de rc.de.adlink.net tr.de.adlink.net adloyal.pl n.admagnet.net ad-maker.net
127.0.0.1 ads3.adman.gr r2d2.adman.gr ad.admamba.com admarket.cz www.admarket.cz js.admeld.com tag.admeld.com admigo.ru data.admigo.ru
127.0.0.1 apps.admission.net appcache.admission.net view.admission.net www.ad.admitad.com ad.admixer.net rms.admeta.com assets3.admulti.com go.admulti.com ads.admodus.com
127.0.0.1 ad.adnet.biz ad.adnetwork.com.br img.adnet.com.tr www.ad-net.co.uk adnext.fr adpixel.com.ru tt11.adobe.com ace.adoftheyear.com ad01.adonspot.com
127.0.0.1 ad02.adonspot.com www.adoperator.com www.adperium.com img.adplan-ds.com e.adpower.bg ab.adpro.com.ua system.adquick.nl www.adquest.nl www.adreap.com
127.0.0.1 adroll.com jsad1.adsflip.com www.adsurve.com www.ad-purge.com cntr.adrime.com images.adrime.com ad.adriver.ru content.adriver.ru r.adrolays.de
127.0.0.1 www.adrotate.net serv.ad-rotator.com antevenio.flux.ads-click.com rh.adscale.de www.adsxchange.lv assets.adtaily.com fusion.adtoma.com engage2.advanstar.com ds.advg.jp
127.0.0.1 m.adx.bg beta.adyea.com delivery.adyea.com img.ads-click.com ad.ads.dk tdkads.ads.dk js.adscale.de ih.adscale.de adscendmedia.com
127.0.0.1 adservicedomain.info adsfac.net images.adshuffle.com this.content.served.by.adshuffle.com adsfac.eu ad.ad-srv.net www.adshot.de allchix.adsmax.com www2.adsmax.com
127.0.0.1 www.adspace.be ads.adsponse.de adserve.adster.com images.adster.com openx.adtext.ro ads.adtiger.de www.adtiger.de ad.adtoma.com downldcl.adtoolsinc.com
127.0.0.1 www.adtoolsinc.com dot.adtotal.pl rek.adtotal.pl www.adtrade.net www.adtrader.com ads.adtube.de www.adultadvertising.net www.adultbanners.co.uk adultmoneymakers.com
127.0.0.1 www.adultmoviegroup.com www.adult-tracker.de counter.adultrevenueservice.com counterimg1.adultrevenueservice.com www.adultwords.eu euroad1.advantage.as adve.net ad.adver.com.tw advert.hu
127.0.0.1 apps.advertlets.com www.advertlets.com www.adverticus.de ads.advertise.net advertisingpurchase.com ad.adverticum.net img.adverticum.net imgs.adverticum.net www.advertising365.com
127.0.0.1 ad.advertstream.com usas1.advfn.com images.adviews.de www.adviews.de ad.adview.pl adp.adview.pl bi.adview.pl adv.adwish.net ads.adwitserver.com
127.0.0.1 ad.adworx.at www.ad-z.de ads.afa.net sttc.affiliate.hu tr.affiliate.hu ads.affiliateclub.com banners.affiliatefuture.com images.affiliator.com imp.affiliator.com
127.0.0.1 rotation.affiliator.com media.affiliatelounge.com js.affiliatelounge.com record.affiliatelounge.com web1.affiliatelounge.com hits.affiliatetraction.com banners.affilimatch.de stats.agent.co.il atd.agencytradingdesk.net
127.0.0.1 stats.agentinteractive.com ac.ajur.info openx.ajur.info adlik2.akavita.com ads1.a-lehdet.fi download.china.alibaba.com log.aliiike.com ads.allaccess.com.ph adcontent2.allaccess.com.ph
127.0.0.1 tracking.allposters.com ad.allstar.cz taobaoafp.allyes.cn bokee.allyes.com demoafp.allyes.com eastmoney.allyes.com smarttrade.allyes.com sroomafp.allyes.com taobaoafp.allyes.com
127.0.0.1 tom.allyes.com uuseeafp.allyes.com yeskyafp.allyes.com ad.altervista.org pqwaker.altervista.org adimg.alice.it adv.alice.it advloc.alice.it altmedia101.com
127.0.0.1 www.alwayson-network.com adtools2.amakings.com ad.amgdgt.com vfdeprod.amobee.com banners.amsterdamcash.com widgets.amung.us whos.amung.us advert.ananzi.co.za advert2.ananzi.co.za

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0461722D-FF97-4881-A833-E2526BEEB3D5} - System32\Tasks\{01CA28B3-80CF-461A-AA38-13B0C43BDC4C} => C:\Program Files (x86)\QuickTime Alternative\QuickTimePlayer.exe [2007-04-28] ()
Task: {096B3AB4-76EC-43CE-B739-4F396FF121CD} - System32\Tasks\{51E579F7-0BD5-4F94-8BE6-199646826AC8} => C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__ AUDIO - VIDEO\MPEG_Streamclip_1.2.1b2\MPEG_Streamclip.exe [2010-08-04] (Squared 5)
Task: {0B1C2A0A-5944-48BE-A2BF-817985785A7A} - System32\Tasks\{4F8F2CCD-BC3A-4A18-A901-18ACFF22E134} => C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__ AUDIO - VIDEO\MPEG_Streamclip_1.2.1b2\MPEG_Streamclip.exe [2010-08-04] (Squared 5)
Task: {1100AF7F-02F1-496C-AF6B-6765513E1E1A} - System32\Tasks\{3233BF42-1DBC-43C2-94C6-E13A908E2944} => C:\Program Files (x86)\QuickTime Alternative\QuickTimePlayer.exe [2007-04-28] ()
Task: {21F0BC2B-C6A0-408A-B5A0-EA9493EE6142} - System32\Tasks\{4880C4B8-0D99-4460-9305-BDED5716FC4F} => C:\Program Files (x86)\OpenExpert\OpenExpert.exe [2002-05-31] ()
Task: {30DDE4A9-4D4C-4577-9B34-4BB8DE19994C} - System32\Tasks\{BBFAA424-A54E-4FFA-89F0-864905017F86} => C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__ AUDIO - VIDEO\MPEG_Streamclip_1.2.1b2\MPEG_Streamclip.exe [2010-08-04] (Squared 5)
Task: {41043179-16A1-4A47-9B8B-98E83424EBDF} - System32\Tasks\{1C32B62E-A346-4592-8B1D-A8FA1B2A5032} => C:\Users\silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__ AUDIO - VIDEO\MPEG_Streamclip_1.2.1b2\MPEG_Streamclip.exe [2010-08-04] (Squared 5)
Task: {497DBF3C-80CE-4B3C-B2A3-61814A41F105} - System32\Tasks\{DFA07CCB-C74C-4A88-BD14-5EF74DD5C7D5} => C:\Program Files (x86)\ERUNT\NTREGOPT.EXE [2005-10-20] ()
Task: {4A1DA736-2BD5-460A-99F3-88C560A0147E} - System32\Tasks\{A67571F8-5BD6-41D8-A152-0ACF976791BA} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013-08-19] (Mozilla Corporation)
Task: {51F9688D-7FD4-42A5-992A-0AD3AE7286FD} - System32\Tasks\{69D13A90-0839-4E21-A6C8-F6F5AECDC0F9} => C:\Program Files (x86)\Secunia\PSI\psi.exe [2013-07-03] (Secunia)
Task: {55D6A567-5DEB-4CF4-9A1B-DC5B457D15CE} - System32\Tasks\{6A51B2C2-7F0A-4FB6-AF11-0DA1D17EBB3E} => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OmniPage.exe [2005-12-19] (ScanSoft, Inc.)
Task: {5DB8FD31-150C-4A3B-A6D2-FA8F414741FE} - System32\Tasks\{A6A14256-FC13-485F-961A-52FCC4AC7D9E} => C:\Program Files (x86)\HostsMan\hm.exe [2010-02-06] (abelhadigital.com)
Task: {6631F840-F7B6-4A48-8BAB-4CC3B5865E80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-30] (Adobe Systems Incorporated)
Task: {66D80574-55B8-4E70-9F1C-1FE440A30218} - System32\Tasks\{BDC370DE-0D67-498F-B884-873C5A3EEBBA} => C:\Program Files (x86)\Canon\CanoScan Toolbox Ver5.0\CSTBox.exe [2006-08-09] (CANON INC.)
Task: {6E4ACB0B-813C-432F-86F4-D2898B37A9E4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {7247E35E-E7B6-41DC-82C3-4F9784402636} - System32\Tasks\{5AE481A9-5000-44C2-8B14-E47624595A84} => C:\Program Files (x86)\Safer Networking\FileAlyzer 2\FileAlyzer2.exe No File
Task: {76AA10AC-4377-41C3-BBF3-52CA7D9A77AE} - System32\Tasks\{4D41075E-5B05-4CBC-84E0-6147DD1D0309} => C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__ AUDIO - VIDEO\MPEG_Streamclip_1.2.1b2\MPEG_Streamclip.exe [2010-08-04] (Squared 5)
Task: {7920F892-33A7-4271-BDDB-F788A25872AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {7B06F0FC-781C-4036-9A4D-B78D5DDE57C9} - System32\Tasks\{36B6E977-344D-4906-9C8C-C4BA62EB8677} => C:\Program Files (x86)\ArcSoft\PhotoStudio 5.5\PhotoStudio.exe [2005-08-25] (ArcSoft, Inc.)
Task: {7C965567-7C43-4E86-B259-09B35B2D3330} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {8462F3B9-541C-4A10-976C-C7C09ADD9053} - System32\Tasks\{8A1BE786-A9EE-42B5-AAC3-A03003AFAF21} => C:\Program Files (x86)\FilmRiss\FilmRiss.exe No File
Task: {8B6E2D5A-ADD8-49B6-9DFD-F92864689A27} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9CCC493F-5901-4703-9AE2-B10BC7B8F696} - System32\Tasks\{B840D4A2-DA05-4A04-AECD-53A4CF256284} => C:\Program Files (x86)\FilmRiss\FilmRiss.exe No File
Task: {9D1B3041-80A3-4D87-B983-77EA45A02976} - System32\Tasks\{1A3911CD-138B-490D-B092-C237CD5B79D7} => C:\Program Files (x86)\Safer Networking\FileAlyzer 2\FileAlyzer2.exe No File
Task: {AA1FA3D5-54E9-475D-B565-1B47FC03A54C} - System32\Tasks\{B5D7F28B-1D00-4198-A149-4D2D0A7B3DA6} => C:\Program Files (x86)\HostsMan\hostssrv.exe [2010-02-06] (abelhadigital.com)
Task: {AE9CB7FF-DCE2-48A3-BDBB-77A768CA17D0} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {BA47A89D-2383-41D6-A460-C448B8997470} - System32\Tasks\{8DAFA652-EDF6-473C-A7C8-AEC96175D50E} => C:\Program Files (x86)\ERUNT\NTREGOPT.EXE [2005-10-20] ()
Task: {C9091E2B-03DD-41D8-946A-431D9401F5C0} - System32\Tasks\{47F628AA-60D0-4F63-AD9B-57F3D1FAE61C} => C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__ AUDIO - VIDEO\MPEG_Streamclip_1.2.1b2\MPEG_Streamclip.exe [2010-08-04] (Squared 5)
Task: {D481047A-32E9-4AEF-B7A9-79E106D47A2C} - System32\Tasks\{AEC6314D-C2B1-4BD5-A04D-4D8CAAFD45C6} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013-08-19] (Mozilla Corporation)
Task: {D7C94BDB-9269-4D96-92EB-5630BC25E223} - System32\Tasks\Microsoft\Windows\PLA\Neuer Sammlungssatz => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {D835142B-4BF2-4C36-A71A-28093A3B6695} - System32\Tasks\{E7FF170C-EEFC-470F-95E9-3257505FF189} => C:\Program Files (x86)\HostsMan\hostssrv.exe [2010-02-06] (abelhadigital.com)
Task: {E37127B8-D683-4032-89D3-9E5A10E4DE44} - System32\Tasks\{62939063-56FC-4017-95D8-590AAA4014DB} => C:\Program Files (x86)\HostsMan\hostssrv.exe [2010-02-06] (abelhadigital.com)
Task: {E430C208-E5BB-4C05-B8F8-8A71DBB4BF40} - System32\Tasks\{9AC7602D-5DB9-4F61-9892-E1CA8887BAF4} => C:\Program Files (x86)\QuickTime Alternative\QuickTimePlayer.exe [2007-04-28] ()
Task: {E5FD5D6F-5F17-497A-911A-C2524CEC88D5} - System32\Tasks\{C506F964-437F-4288-A49E-F3E37EA53409} => C:\Program Files (x86)\Safer Networking\FileAlyzer 2\FileAlyzer2.exe No File
Task: {F8C378EC-CD16-481C-9CCD-6CCE0D604D07} - System32\Tasks\{6D0F10B0-2E14-4C07-96EE-EFB3E2805A63} => C:\Users\silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__ AUDIO - VIDEO\MPEG_Streamclip_1.2.1b2\MPEG_Streamclip.exe [2010-08-04] (Squared 5)
Task: {FFC14988-B05F-42F2-A271-35EBE6C5DF35} - System32\Tasks\{8D6F8ABC-195B-43DF-9547-63AFF61D8E2B} => C:\Program Files (x86)\Canon\CanoScan Toolbox Ver5.0\CSTBox.exe [2006-08-09] (CANON INC.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2013 00:32:53 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/22/2013 06:41:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/16/2013 11:29:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PrintIsolationHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd3b1
Name des fehlerhaften Moduls: KMUU60TF.DLL, Version: 6.0.29.15, Zeitstempel: 0x5193c746
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000144756
ID des fehlerhaften Prozesses: 0x11e8
Startzeit der fehlerhaften Anwendung: 0xPrintIsolationHost.exe0
Pfad der fehlerhaften Anwendung: PrintIsolationHost.exe1
Pfad des fehlerhaften Moduls: PrintIsolationHost.exe2
Berichtskennung: PrintIsolationHost.exe3

Error: (08/10/2013 00:30:08 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: fppdis4.exe, Version: 4.64.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: fppdes4.dll, Version: 4.64.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000076b1b
ID des fehlerhaften Prozesses: 0x12e0
Startzeit der fehlerhaften Anwendung: 0xfppdis4.exe0
Pfad der fehlerhaften Anwendung: fppdis4.exe1
Pfad des fehlerhaften Moduls: fppdis4.exe2
Berichtskennung: fppdis4.exe3

Error: (08/09/2013 06:03:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/09/2013 02:21:04 PM) (Source: MsiInstaller) (User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8f8.ipi, -2147287035,

Error: (08/09/2013 02:18:53 PM) (Source: MsiInstaller) (User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8e8.ipi, -2147287035,

Error: (08/09/2013 02:17:37 PM) (Source: MsiInstaller) (User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8d8.ipi, -2147287035,

Error: (08/09/2013 02:13:53 PM) (Source: MsiInstaller) (User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8d6.ipi, -2147287035,

Error: (08/09/2013 02:13:20 PM) (Source: MsiInstaller) (User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8d4.ipi, -2147287035,


System errors:
=============
Error: (08/23/2013 10:12:23 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (90000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (08/22/2013 06:12:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (90000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (08/22/2013 04:43:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (90000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (08/22/2013 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/22/2013 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/22/2013 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/22/2013 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/22/2013 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/22/2013 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/22/2013 04:36:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (08/24/2013 00:32:53 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Users\siegmar\Sr Essentials\MozBackup-1.4.10-EN\dll\DelZip179.dllC:\Users\siegmar\Sr Essentials\MozBackup-1.4.10-EN\dll\DelZip179.dll8

Error: (08/22/2013 06:41:16 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Users\siegmar\Sr Essentials\MozBackup-1.4.10-EN\dll\DelZip179.dllC:\Users\siegmar\Sr Essentials\MozBackup-1.4.10-EN\dll\DelZip179.dll8

Error: (08/16/2013 11:29:37 AM) (Source: Application Error)(User: )
Description: PrintIsolationHost.exe6.1.7600.163854a5bd3b1KMUU60TF.DLL6.0.29.155193c746c0000005000000000014475611e801ce9a631b0f27f4C:\Windows\system32\PrintIsolationHost.exeC:\Windows\system32\spool\DRIVERS\x64\3\KMUU60TF.DLL5e3c610d-0656-11e3-b29e-6cf04977eea2

Error: (08/10/2013 00:30:08 AM) (Source: Application Error)(User: )
Description: fppdis4.exe4.64.0.000000000fppdes4.dll4.64.0.000000000c00000050000000000076b1b12e001ce954ed3ed0c1eC:\Windows\system32\spool\DRIVERS\x64\3\fppdis4.exeC:\Windows\system32\spool\DRIVERS\x64\3\fppdes4.dll3e7e70b9-0143-11e3-8904-6cf04977eea2

Error: (08/09/2013 06:03:07 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Users\siegmar\Sr Essentials\MozBackup-1.4.10-EN\dll\DelZip179.dllC:\Users\siegmar\Sr Essentials\MozBackup-1.4.10-EN\dll\DelZip179.dll8

Error: (08/09/2013 02:21:04 PM) (Source: MsiInstaller)(User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8f8.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/09/2013 02:18:53 PM) (Source: MsiInstaller)(User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8e8.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/09/2013 02:17:37 PM) (Source: MsiInstaller)(User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8d8.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/09/2013 02:13:53 PM) (Source: MsiInstaller)(User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8d6.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/09/2013 02:13:20 PM) (Source: MsiInstaller)(User: i3-PC)
Description: Product: Classic Shell -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\bf8d4.ipi, -2147287035, (NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2013-03-22 23:36:26.466
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume20\6   MH\Installation\SysinternalsSuite_0502\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 23:36:26.321
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume20\6   MH\Installation\SysinternalsSuite_0502\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-24 19:23:59.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\siegmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sys\SysinternalsSuite\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-24 19:23:59.775
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\siegmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sys\SysinternalsSuite\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-24 19:23:37.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\siegmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sys\SysinternalsSuite\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-24 19:23:37.870
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\siegmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sys\SysinternalsSuite\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-31 18:00:44.664
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\siegmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sys\SysinternalsSuite\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-31 18:00:44.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\siegmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sys\SysinternalsSuite\PORTMSYS.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-13 00:30:52.309
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Safer Networking\FileAlyzer 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-13 00:30:52.183
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Safer Networking\FileAlyzer 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 7931.48 MB
Available physical RAM: 5077.75 MB
Total Pagefile: 8953.67 MB
Available Pagefile: 5907.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:60.54 GB) (Free:12.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (W7-Data) (Fixed) (Total:29.29 GB) (Free:29.17 GB) NTFS
Drive e: (TEXT) (Fixed) (Total:3.56 GB) (Free:2.2 GB) FAT32
Drive f: (GRAFIK) (Fixed) (Total:97.63 GB) (Free:63.85 GB) FAT32
Drive g: (WAVE) (Fixed) (Total:8.53 GB) (Free:3.08 GB) FAT32
Drive h: (MISC) (Fixed) (Total:11.36 GB) (Free:1.85 GB) FAT32
Drive i: (I_DWNLD) (Fixed) (Total:1.41 GB) (Free:0.32 GB) FAT32
Drive j: (E-MAIL) (Fixed) (Total:1.41 GB) (Free:1.22 GB) FAT32
Drive k: (QUARANTA) (Fixed) (Total:1.41 GB) (Free:1.12 GB) FAT32
Drive l: (MTARCHIV) (Fixed) (Total:9.54 GB) (Free:1.42 GB) FAT32
Drive m: (MT) (Fixed) (Total:9.75 GB) (Free:3.55 GB) FAT32
Drive n: (TBPROFIL) (Fixed) (Total:29.48 GB) (Free:17.73 GB) NTFS
Drive o: (PROG_SET) (Fixed) (Total:8.58 GB) (Free:2.8 GB) FAT32
Drive p: (PC) (Fixed) (Total:7.37 GB) (Free:3.91 GB) FAT32
Drive q: (TEL_LEX) (Fixed) (Total:9.75 GB) (Free:7.7 GB) FAT32
Drive r: (USB DISK) (Removable) (Total:14.77 GB) (Free:10.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 7C575D3A)
Partition 1: (Active) - (Size=61 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: 7C575D3C)
Partition 1: (Not Active) - (Size=267 GB) - (Type=OF Extended)

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

schrauber · 24.08.2013, 11:41

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Holzpferd · 24.08.2013, 18:39

Hallo Schrauber,

Danke für deine Hilfe.

Zunächst das Ergebnis:

Der Windows-Start, bis das Internet zur Verfügung steht, hat sich um 2 bis 3 Minuten verkürzt. Auch MSE ist sofort nach dem Einloggen da im Gegensatz zu vorher. Damit ist ein Ärgernis beseitigt, das mich schon einige Monate ärgert.
Der WinPatrol New Program Alert „Systray .exe stub“ taucht immer noch auf.

Im Folgenden möchte ich hier einige Erläuterungen zu meinem Vorgehen geben:

Bisher habe ich alle Aktionen in einem Standardbenutzer-Konto (Name: „siegmar“) durchgeführt, dies aber mit Administratorrechten im Nutzer-Kontext (mittels SuRun)
Nach Durchlaufen von ComboFix und zweimaligem Neustart (Fehlerbeschreibung folgt) habe ich dann den 3. Neustart in ein Administratorkonto (Name: Anfangsnutzer) durchgeführt, woraufhin der Start fehlerlos verlief.
Bezüglich MSE habe ich den Echtzeitschutz deaktiviert und über den Taskmanager den Prozess „msseces.exe“ beendet.
WinPatrol habe ich beendet, indem ich über das Kontextmenü des Systray-Icons den Menüpunkt „Exit Program“ gewählt habe, und zwar obwohl der oben genannte New Program Alert geöffnet war.
Zemana Antilogger Free habe ich weiter laufen lassen, weil das zwar ein Sicherheitsprogramm aber kein Malware-Scanner ist.

Fehlerbeschreibung nach Durchlaufen von ComboFix:

Ein ComboFix-Konsolenfenster öffnete und schloss in sehr hohem Tempo, und zwar leicht örtlich versetzt, so dass man kaum die Titelleiste auslesen konnte. Dieses Fenster ließ sich nicht beenden. Mit bloßem Auge konnte ich mit Mühe die Titelleiste „C:\ComboFix\pev.3XE“ erkennen. Durch ein paar Digitalfotos konnte ich dann noch eine 2. Titelleiste „C:\ComboFix\CF1666.3XE“ erkennen, die allerdings weit weniger oft erschien.

Die Maus reagierte noch und konnte noch andere Fenster öffnen, jedoch nicht mehr durch OK oder Schließen usw. beenden.

Ich konnte aber Ctrl+Alt+Del ausführen und von dort aus neustarten.

schrauber · 24.08.2013, 19:21

Logs bitte immer in den Thread posten.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Holzpferd · 25.08.2013, 16:30

Hallo Schrauber,

vorab eine Frage: Ich bin mir immer unsicher, ob ich deine Anweisungen in einem Standardnutzer-Konto durchführen darf oder nicht (habe ich bisher immer so gehalten), ob ich Administratorrechte nur wenn von dir oder vom Tool angefordert nutzen soll und falls ja, ob dann SuRun-Administratorrechte (also User-Kontext) genügen. Vielleicht kannst du dazu mal was Grundsätzliches sagen.

Die neuen Logdateien und Anmerkungen dazu:

1. Malwarebytes Antimalware

- Malwarebytes 1.70 war drauf, habe ich deinstalliert;
- Malwarebytes 1.75 neu installiert und aktualisiert bei ausgeschalteten Sicherheitsprogrammen und Firewall;
- Entgegen der Anweisung in http://www.trojaner-board.de/51187-a...i-malware.html (zu spät nachgelesen) Vollständigen Suchlauf durchgeführt mit allen Laufwerken außer den optischen (X:\ und Y.\);

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Admin :: I3-PC [Administrator]

25.08.2013 01:18:09
mbam-log-2013-08-25 (01-18-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|O:\|P:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 686433
Laufzeit: 54 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\siegmar\Downloads\MediaInfo_GUI_0.7.43_Windows_x64.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\siegmar\Downloads\nirsoft_package_1.17.03.zip (HackTool.Asterisk) -> Erfolgreich gelöscht und in Quarantäne gestellt.
O:\- ANWENDUNGEN groß\controlBIT Profile verschieben\win7-9924-2002-premium-dvd\Download #9924 Premium (c) 2011 controlBIT DVD Version 2.0.02\Software\GOMPLAYERENSETUP_Version_2.1.28.5039.exe (PUP.Optional.AskToolbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. AdwCleaner

In der Anweisung war nur die Datei [Sx].txt gefordert, weshalb ich hier nur meine S0.txt beifüge und die R0.txt weglasse.

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 25/08/2013 at 03:56:20
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : siegmar - I3-PC
# Running from : C:\Users\siegmar\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\Spesoft
Folder Deleted : C:\Users\siegmar\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\siegmar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\siegmar\AppData\LocalLow\Spesoft
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\Conduit
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\ConduitEngine
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\OpenCandy
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\PackageAware
Folder Deleted : C:\Users\silvia\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\silvia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\silvia\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\silvia\AppData\LocalLow\Spesoft
Folder Deleted : C:\Users\Administrator.i3-PC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator.i3-PC\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Conduit
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Smartbar
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\CT2481020
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\CT2117678
Folder Deleted : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e7qs9ka3.default\Extensions\{AA994882-F391-4D2E-806F-8908DA4814ED}
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\searchplugins\Conduit.xml
File Deleted : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e7qs9ka3.default\user.js
File Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\user.js
File Deleted : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\7vthv3bg.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xqdcXSP_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader44761_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader44761_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unlocker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unlocker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56E054E7-C80D-4DBF-82BC-3476A96A00E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{56E054E7-C80D-4DBF-82BC-3476A96A00E7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D152AA56-FB6E-4383-9375-A8F4179D7CB4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FE62600-CFBC-4C2B-9112-AFFF5BA38987}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Spesoft
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\Software\Spesoft
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spesoft Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e7qs9ka3.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");

[ File : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e975fjdq.test\prefs.js ]


[ File : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\fxi46d8d.srwww\prefs.js ]

Line Deleted : user_pref("extensions.nosquint.sites", "wer-weiss-was.de=0,1372327292105,54,140,0,0,false,0,0,false wikimedia.org=0,1371024400099,42,110,0,0,false,0,0,false winload.de=0,1363564748519,26,110,0,0,false[...]

[ File : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\prefs.js ]

Line Deleted : user_pref("CT2117678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2117678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2117678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2117678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2117678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2117678.BrowserCompStateIsOpen_129808998463171277", true);
Line Deleted : user_pref("CT2117678.CTID", "CT2117678");
Line Deleted : user_pref("CT2117678.CurrentServerDate", "22-8-2013");
Line Deleted : user_pref("CT2117678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2117678.DialogsGetterLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2117678.EMailNotifierPollDate", "Wed Jan 19 2011 18:09:28 GMT+0100");
Line Deleted : user_pref("CT2117678.FirstServerDate", "6-11-2010");
Line Deleted : user_pref("CT2117678.FirstTime", true);
Line Deleted : user_pref("CT2117678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2117678.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2117678.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2117678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2117678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2117678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2117678.Initialize", true);
Line Deleted : user_pref("CT2117678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2117678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2117678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2117678.InstalledDate", "Sat Nov 06 2010 10:21:29 GMT+0100");
Line Deleted : user_pref("CT2117678.InvalidateCache", false);
Line Deleted : user_pref("CT2117678.IsGrouping", false);
Line Deleted : user_pref("CT2117678.IsMulticommunity", false);
Line Deleted : user_pref("CT2117678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2117678.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2117678.LanguagePackLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2117678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2117678.LastLogin_2.7.2.0", "Wed Jan 19 2011 16:08:23 GMT+0100");
Line Deleted : user_pref("CT2117678.LastLogin_3.12.2.3", "Sat Jul 28 2012 14:35:46 GMT+0200");
Line Deleted : user_pref("CT2117678.LastLogin_3.19.0.3", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT2117678.Locale", "en-us");
Line Deleted : user_pref("CT2117678.LoginCache", 4);
Line Deleted : user_pref("CT2117678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2117678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2117678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2117678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2117678.RadioIsPodcast", false);
Line Deleted : user_pref("CT2117678.RadioLastCheckTime", "Wed Jan 19 2011 16:08:23 GMT+0100");
Line Deleted : user_pref("CT2117678.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2117678.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT2117678.RadioMediaID", "9583498");
Line Deleted : user_pref("CT2117678.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2117678.RadioMenuSelectedID", "EBRadioMenu_CT21176789583498");
Line Deleted : user_pref("CT2117678.RadioStationName", "ABC%20Newsradio%20");
Line Deleted : user_pref("CT2117678.RadioStationURL", "hxxp://www.abc.net.au/streaming/newsradio.asx");
Line Deleted : user_pref("CT2117678.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2117678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2117678&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2117678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2117678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&q=");
Line Deleted : user_pref("CT2117678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2117678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2117678.SearchInNewTabLastCheckTime", "Thu Aug 22 2013 16:08:10 GMT+0200");
Line Deleted : user_pref("CT2117678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2117678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2117678.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2117678.ServiceMapLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2117678.SettingsLastCheckTime", "Thu Aug 22 2013 16:08:10 GMT+0200");
Line Deleted : user_pref("CT2117678.SettingsLastUpdate", "1377175698");
Line Deleted : user_pref("CT2117678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2117678.ThirdPartyComponentsLastCheck", "Thu Jan 13 2011 15:43:33 GMT+0100");
Line Deleted : user_pref("CT2117678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2117678.ToolbarDisabled", false);
Line Deleted : user_pref("CT2117678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2117678");
Line Deleted : user_pref("CT2117678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2117678.UserID", "UN83692611778116520");
Line Deleted : user_pref("CT2117678.ValidationData_Search", 1);
Line Deleted : user_pref("CT2117678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2117678.WeatherNetwork", "");
Line Deleted : user_pref("CT2117678.WeatherPollDate", "Wed Jan 19 2011 17:45:29 GMT+0100");
Line Deleted : user_pref("CT2117678.WeatherUnit", "C");
Line Deleted : user_pref("CT2117678.alertChannelId", "522511");
Line Deleted : user_pref("CT2117678.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2117678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2117678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2117678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2117678.initDone", true);
Line Deleted : user_pref("CT2117678.myStuffEnabled", true);
Line Deleted : user_pref("CT2117678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2117678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2117678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2117678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2117678.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2117678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2117678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2117678.testingCtid", "");
Line Deleted : user_pref("CT2117678.toolbarAppMetaDataLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2319825.CTID", "CT2319825");
Line Deleted : user_pref("CT2319825.CurrentServerDate", "24-3-2011");
Line Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Thu Mar 24 2011 16:40:58 GMT+0100");
Line Deleted : user_pref("CT2319825.FeedPollDate11908299", "Thu Mar 24 2011 16:15:57 GMT+0100");
Line Deleted : user_pref("CT2319825.FirstServerDate", "1-3-2011");
Line Deleted : user_pref("CT2319825.FirstTime", true);
Line Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Line Deleted : user_pref("CT2319825.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2319825.Initialize", true);
Line Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2319825.InstalledDate", "Tue Mar 01 2011 17:37:07 GMT+0100");
Line Deleted : user_pref("CT2319825.InvalidateCache", false);
Line Deleted : user_pref("CT2319825.IsGrouping", false);
Line Deleted : user_pref("CT2319825.IsMulticommunity", false);
Line Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Mar 24 2011 16:15:58 GMT+0100");
Line Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2319825.LastLogin_2.7.2.0", "Thu Mar 24 2011 16:15:57 GMT+0100");
Line Deleted : user_pref("CT2319825.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2319825.Locale", "de");
Line Deleted : user_pref("CT2319825.LoginCache", 4);
Line Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Line Deleted : user_pref("CT2319825.RadioLastCheckTime", "Thu Mar 24 2011 15:32:20 GMT+0100");
Line Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Line Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Line Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Line Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Line Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
Line Deleted : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
Line Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Mar 24 2011 15:32:20 GMT+0100");
Line Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Thu Mar 24 2011 15:32:19 GMT+0100");
Line Deleted : user_pref("CT2319825.SettingsLastUpdate", "1297858000");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Thu Mar 24 2011 15:32:19 GMT+0100");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Line Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2319825.UserID", "UN36041393932531207");
Line Deleted : user_pref("CT2319825.ValidationData_Toolbar", 0);
Line Deleted : user_pref("CT2319825.WeatherNetwork", "");
Line Deleted : user_pref("CT2319825.WeatherPollDate", "Thu Mar 24 2011 16:15:58 GMT+0100");
Line Deleted : user_pref("CT2319825.WeatherUnit", "C");
Line Deleted : user_pref("CT2319825.alertChannelId", "715912");
Line Deleted : user_pref("CT2319825.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2319825.myStuffEnabled", true);
Line Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2481020.1000082.currentList", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net/california.asx\",\"description\":\"California Rock\",\"text\":\"Californi...\",\"type\":\"STREAM\"},{[...]
Line Deleted : user_pref("CT2481020.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT2481020.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio8.de:8000/live.m3u\",\"description\":\"Radio 8\",\"text\":\"Radio 8\",\"type\":\"STREAM\"},{\"statio[...]
Line Deleted : user_pref("CT2481020.1000082.nowPlaying", "{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net/california.asx\",\"description\":\"California Rock\",\"text\":\"Californi...\",\"type\":\"STREAM\"}");
Line Deleted : user_pref("CT2481020.1000082.publisherStations", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net/california.asx\",\"description\":\"California Rock\",\"text\":\"Californi...\",\"type\":\"STREA[...]
Line Deleted : user_pref("CT2481020.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT2481020.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.FirstTime", "true");
Line Deleted : user_pref("CT2481020.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2481020.UserID", "UN87609821186406137");
Line Deleted : user_pref("CT2481020.autoDisableScopes", -1);
Line Deleted : user_pref("CT2481020.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2481020.defaultSearch", "true");
Line Deleted : user_pref("CT2481020.embeddedsData", "[{\"appId\":\"129058856464656507\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2481020.enableAlerts", "always");
Line Deleted : user_pref("CT2481020.enableFix404", "true");
Line Deleted : user_pref("CT2481020.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2481020.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.installId", "ConduitNSISIntegration");
Line Deleted : user_pref("CT2481020.installType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2481020.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2481020.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2481020.keyword", true);
Line Deleted : user_pref("CT2481020.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://AshampooDE.OurToolbar.co[...]
Line Deleted : user_pref("CT2481020.openThankYouPage", "false");
Line Deleted : user_pref("CT2481020.openUninstallPage", "false");
Line Deleted : user_pref("CT2481020.search.searchAppId", "129058856464656507");
Line Deleted : user_pref("CT2481020.search.searchCount", "0");
Line Deleted : user_pref("CT2481020.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2481020\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://AshampooDE.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Ashampoo DE\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1337346386169");
Line Deleted : user_pref("CT2481020.serviceLayer_services_appTracking_lastUpdate", "1337346266927");
Line Deleted : user_pref("CT2481020.serviceLayer_services_appsMetadata_lastUpdate", "1337346266195");
Line Deleted : user_pref("CT2481020.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1337346385994");
Line Deleted : user_pref("CT2481020.serviceLayer_services_login_10.7.6.2_lastUpdate", "1337346266396");
Line Deleted : user_pref("CT2481020.serviceLayer_services_optimizer_lastUpdate", "1333847086699");
Line Deleted : user_pref("CT2481020.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1337346386018");
Line Deleted : user_pref("CT2481020.serviceLayer_services_searchAPI_lastUpdate", "1337346266566");
Line Deleted : user_pref("CT2481020.serviceLayer_services_serviceMap_lastUpdate", "1337346265884");
Line Deleted : user_pref("CT2481020.serviceLayer_services_toolbarContextMenu_lastUpdate", "1337346385956");
Line Deleted : user_pref("CT2481020.serviceLayer_services_toolbarSettings_lastUpdate", "1337346266237");
Line Deleted : user_pref("CT2481020.serviceLayer_services_translation_lastUpdate", "1337346266011");
Line Deleted : user_pref("CT2481020.settingsINI", true);
Line Deleted : user_pref("CT2481020.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2481020.smartbar.CTID", "CT2481020");
Line Deleted : user_pref("CT2481020.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2481020.smartbar.homepage", true);
Line Deleted : user_pref("CT2481020.smartbar.isHidden", true);
Line Deleted : user_pref("CT2481020.smartbar.toolbarName", "Ashampoo DE ");
Line Deleted : user_pref("CT2481020.toolbarBornServerTime", "8-4-2012");
Line Deleted : user_pref("CT2481020.toolbarCurrentServerTime", "18-5-2012");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2117678/CT2117678", "\"45da049bec9229783652907a678f2ebd3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2117678", "\"1336426452\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"04afd94b864cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2117678", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"8dadc1e739a8770c78e10babe6554bb8\"");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2117678,CT2319825");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2117678,CT2319825");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 24 2011 15:32:19 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{d98cf821-7059-4dea-adf1-9e292beb3abd}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Mar 24 2011 15:32:20 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "896ea3e3-be96-4182-9315-172b95dbd8be");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB3&ctid=CT2481020&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo DE Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB3&ctid=CT2481020&SearchSource=2&q=");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB3&ctid=CT2481020&SearchSource=2&q=");
Line Deleted : user_pref("tfp.CT2481020", true);

[ File : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\7vthv3bg.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");

[ File : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\hup3cfe7.Standard-Benutzer\prefs.js ]


*************************

AdwCleaner[R0].txt - [32336 octets] - [25/08/2013 03:49:21]
AdwCleaner[S0].txt - [32725 octets] - [25/08/2013 03:56:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32786 octets] ##########

3. Junkware Removal Tool

Hier war etwas Seltsames passiert, was ich bisher noch nie hatte: Nach Ausführung JRT mit den Rechten eines Administratorkontos (diesmal hatte ich ausnahmsweise nicht SuRun genommen) hatte ich plötzlich den etwas abgewandelten Desktop dieses Administrators und sein Profilbild unter START in meinem User-Konto. Das User-Konto war aber nach Neustart wieder normal.

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Professional x64
Ran by Admin on 25.08.2013 at  4:15:23,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1124670
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2117678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskman_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskman_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskman_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskman_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Anfangsnutzer\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Anfangsnutzer\appdata\locallow\conduitengine"



~~~ FireFox

Successfully deleted the following from C:\Users\Anfangsnutzer\AppData\Roaming\mozilla\firefox\profiles\cj2trsc3.default\prefs.js

user_pref("extensions.optimizegoogle.cookies.SafeSearch", "empty");
user_pref("extensions.optimizegoogle.cookies.enableSafeSearch", false);
Emptied folder: C:\Users\Anfangsnutzer\AppData\Roaming\mozilla\firefox\profiles\cj2trsc3.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2013 at  4:19:15,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Frisches FRST log

Hier fällt mir auf, dass unter „Internet (Whitelisted)“ in der 1. Zeile steht: „ProxyServer: localhost:12080“. Ich weiß nicht, wie das zustandekommt und was das zu bedeuten hat. Ich habe nämlich in den Firefox-Einstellungen „Kein Proxy“ stehen und in den „Einstellungen für lokales Netzwerk“ keines der Kästchen (Userkonto) bzw. „Einstellungen automatisch erkennen“ (Administratorkonto) angehakt. „ProxyServer: localhost:12080“ hatte ich früher mal eingestellt, das ist aber jetzt ausgegraut.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013
Ran by siegmar (administrator) on 25-08-2013 16:03:22
Running from C:\Users\siegmar\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun32.bin
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] - C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [2423168 2012-05-29] (Crystal Rich Ltd)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DirectFolders] - C:\Program Files (x86)\Direct Folders\df.exe [272896 2010-06-03] (Code Sector Inc.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [systray] - C:\Windows\System32\systray.exe [9216 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [ZALFree] - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12999472 2013-07-22] (Zemana Ltd.)
HKU\Anfangsnutzer\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKU\Anfangsnutzer\...\Run: [everything] - C:\PROGRAM FILES (X86)\EVERYTHING\EVERYTHING.EXE [602624 2009-03-13] ()
HKU\Anfangsnutzer\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5629720 2013-01-23] (Piriform Ltd)
HKU\silvia\...\Run: [AutoSizer] - "C:\Program Files (x86)\AutoSizer\AutoSizer.exe" [x]
HKU\silvia\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup [x]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(1).dll [89936 2013-07-22] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll [82696 2013-07-22] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:12080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - SuRunExt.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Path=Profiles\e975fjdq.test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=8 - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 Super User Run (SuRun) Service; C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1473920 2012-05-29] (Crystal Rich Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-22] (Zemana Ltd.)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 PORTMON; \??\R:\6   MH\Installation\SysinternalsSuite_0502\PORTMSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:49 - 2013-08-25 03:56 - 00000000 ___DC C:\AdwCleaner
2013-08-25 03:42 - 2013-08-25 03:42 - 01021434 ____C (Thisisu) C:\Users\siegmar\Desktop\JRT.exe
2013-08-25 03:41 - 2013-08-25 03:41 - 00994642 ____C C:\Users\siegmar\Desktop\adwcleaner.exe
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 01:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 19:37 - 2013-08-24 19:37 - 00051749 ____C C:\ComboFix.zip
2013-08-24 17:39 - 2013-08-24 17:39 - 01174464 ____C C:\ComboFix.txt
2013-08-24 17:10 - 2013-08-24 17:39 - 00000000 ___DC C:\ComboFix
2013-08-24 17:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-24 17:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-24 17:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-24 17:09 - 2013-08-24 17:39 - 00000000 ___DC C:\Qoobox
2013-08-24 16:04 - 2013-08-24 16:04 - 05111180 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-24 02:08 - 2013-08-24 02:09 - 00036691 ____C C:\Users\siegmar\Desktop\Addition.txt
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 19:02 - 2013-07-22 18:10 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:15 - 2013-08-21 18:14 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 11:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-16 11:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-16 11:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-16 11:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-16 11:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-16 11:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 11:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 11:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 11:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 11:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 11:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 11:13 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 11:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 11:13 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 11:13 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 11:13 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 11:12 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-04 14:36 - 2013-08-21 12:19 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:34 - 2013-08-04 14:35 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:38 - 2013-08-03 01:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 00:17 - 2013-08-12 09:59 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-01 23:28 - 2013-08-01 23:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-07-31 14:33 - 2013-08-01 23:37 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-07-29 10:19 - 2013-07-29 10:32 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files

==================== One Month Modified Files and Folders =======

2013-08-25 15:56 - 2012-12-06 03:50 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-08-25 12:41 - 2010-04-11 13:39 - 01238203 _____ C:\Windows\WindowsUpdate.log
2013-08-25 12:36 - 2013-08-25 12:36 - 01576506 ____C (Farbar) C:\Users\siegmar\Desktop\FRST64.exe
2013-08-25 12:36 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 12:36 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 12:31 - 2011-07-22 18:21 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\USBSafelyRemove
2013-08-25 12:30 - 2012-12-03 11:54 - 00018893 _____ C:\Windows\setupact.log
2013-08-25 12:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:56 - 2013-08-25 03:49 - 00000000 ___DC C:\AdwCleaner
2013-08-25 03:42 - 2013-08-25 03:42 - 01021434 ____C (Thisisu) C:\Users\siegmar\Desktop\JRT.exe
2013-08-25 03:41 - 2013-08-25 03:41 - 00994642 ____C C:\Users\siegmar\Desktop\adwcleaner.exe
2013-08-25 03:28 - 2010-08-17 11:37 - 00429472 _____ C:\Windows\PFRO.log
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 19:37 - 2013-08-24 19:37 - 00051749 ____C C:\ComboFix.zip
2013-08-24 17:39 - 2013-08-24 17:39 - 01174464 ____C C:\ComboFix.txt
2013-08-24 17:39 - 2013-08-24 17:10 - 00000000 ___DC C:\ComboFix
2013-08-24 17:39 - 2013-08-24 17:09 - 00000000 ___DC C:\Qoobox
2013-08-24 17:39 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default
2013-08-24 17:37 - 2010-04-25 02:24 - 00000000 ____D C:\Windows\ERDNT
2013-08-24 17:34 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-08-24 16:04 - 2013-08-24 16:04 - 05111180 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-24 12:24 - 2009-07-14 19:58 - 00855588 _____ C:\Windows\system32\perfh007.dat
2013-08-24 12:24 - 2009-07-14 19:58 - 00205000 _____ C:\Windows\system32\perfc007.dat
2013-08-24 12:24 - 2009-07-14 07:13 - 01984690 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 02:09 - 2013-08-24 02:08 - 00036691 ____C C:\Users\siegmar\Desktop\Addition.txt
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 18:16 - 2010-04-21 11:42 - 00000000 ___DC C:\Users\siegmar\Desktop\_deskcut
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-23 10:10 - 2010-11-05 19:06 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-22 17:42 - 2012-08-11 02:35 - 00000782 _____ C:\Windows\regscanner.cfg
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ___DC C:\Program Files\Microsoft Windows Performance Toolkit
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
2013-08-22 17:04 - 2010-08-24 00:56 - 00013948 ____C C:\Users\siegmar\Desktop\DesktopOK.ini
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-22 16:42 - 2011-07-24 19:03 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\USBSafelyRemove
2013-08-22 16:39 - 2013-02-17 17:11 - 00000000 ___DC C:\Users\Anfangsnutzer\__aktuelle Probleme
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:14 - 2013-08-21 18:15 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-21 12:19 - 2013-08-04 14:36 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 11:27 - 2013-02-21 17:55 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\PDF-Dateien
2013-08-21 11:05 - 2013-02-04 14:42 - 00000000 ____D C:\Users\siegmar\Documents\Reg-Datei-Exporte
2013-08-21 10:54 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-08-21 10:45 - 2011-01-08 18:50 - 00000000 ____D C:\Windows\pss
2013-08-21 10:08 - 2010-01-01 02:33 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 17:53 - 2012-12-05 17:55 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 11:16 - 2013-07-11 01:40 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 11:14 - 2010-04-12 18:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 00:53 - 2012-05-23 15:08 - 00000000 ___DC C:\ProgramData\SecTaskMan
2013-08-13 15:21 - 2013-03-21 20:54 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Neuer Ordner (4)
2013-08-12 17:25 - 2013-05-15 12:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-08-12 09:59 - 2013-08-02 00:17 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-09 17:24 - 2010-04-16 19:40 - 00000000 ___DC C:\Program Files\Classic Shell
2013-08-09 15:50 - 2011-07-25 01:52 - 00000000 ____D C:\Users\silvia\AppData\Roaming\USBSafelyRemove
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:43 - 2012-07-05 07:51 - 00000000 ___DC C:\Users\siegmar\__Aktuelle Probleme
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-07 19:10 - 2010-04-12 17:52 - 08126464 _____ C:\Users\Anfangsnutzer\ntuser.bak
2013-08-07 19:10 - 2010-04-12 17:52 - 00000000 ___DC C:\Users\Anfangsnutzer
2013-08-07 19:10 - 2009-07-14 04:34 - 80216064 _____ C:\Windows\system32\config\software.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 28573696 _____ C:\Windows\system32\config\system.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 04718592 _____ C:\Windows\system32\config\default.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00131072 _____ C:\Windows\system32\config\sam.bak
2013-08-07 10:39 - 2011-04-11 16:26 - 00000000 ___DC C:\ProgramData\AAV
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:35 - 2013-08-04 14:34 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-04 14:29 - 2010-10-07 16:36 - 00000000 __RDC C:\Users\siegmar\Desktop\_Aktuell
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:39 - 2013-08-03 01:38 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:39 - 2012-05-22 15:30 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 01:39 - 2010-07-29 17:42 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 23:06 - 2010-06-23 01:28 - 00000000 ___DC C:\Users\Administrator
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 09:01 - 2010-04-13 07:07 - 00192648 ____C C:\Users\Anfangsnutzer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 23:39 - 2011-02-05 15:01 - 00000000 __RDC C:\Users\Anfangsnutzer\.smplayer
2013-08-01 23:37 - 2013-07-31 14:33 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-08-01 23:32 - 2013-08-01 23:28 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-08-01 08:50 - 2010-04-20 10:49 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\ATViewer
2013-08-01 01:07 - 2010-09-14 17:49 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Google
2013-07-31 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-31 06:57 - 2012-11-01 16:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 01:19 - 2012-11-01 16:17 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-30 01:19 - 2012-04-11 16:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 01:19 - 2011-06-23 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-30 01:19 - 2010-06-02 12:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Adobe
2013-07-29 10:32 - 2013-07-29 10:19 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files
2013-07-28 02:25 - 2010-08-10 10:22 - 00000000 ____D C:\Users\siegmar\dwhelper
2013-07-28 01:29 - 2011-01-26 12:42 - 00000000 ___DC C:\Users\siegmar\.smplayer
2013-07-26 07:13 - 2013-08-16 11:18 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-16 11:18 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-16 11:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-16 11:18 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-16 11:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-16 11:18 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-16 11:18 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-16 11:18 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-16 11:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-16 11:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-16 11:18 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-16 11:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\siegmar\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 18:37

==================== End Of Log ============================

--- --- ---

Den Tab "Fix" habe ich nicht benutzt, da ich keine Anweisung dazu hatte.

5. Ergebnis

Der WinPatrol New Program Alert „Systray .exe stub“ taucht immer noch auf.

schrauber · 25.08.2013, 19:50

Scans passen schon so. Jetzt noch nen Onlinescan, um die Reste aufzudecken, dann schauen wir nach Winpatrol.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Holzpferd · 26.08.2013, 10:37

Hallo Schrauber,

die sehr guten und klaren Anweisungen lassen immer noch Fragen offen, wo ich eigene Entscheidungen treffen muss, von denen ich dann nicht weiß, ob sie im Sinne des Helfers sind. Deshalb schreibe ich zu jeder log-Datei meine eigenen Entscheidungen dazu, wenn sie mir erwähnenswert erscheinen. Diese Entscheidungen betreffen so Dinge wie Rechte, Neustart, Schließen aller Autostartprogramme, Deaktivierung von Sicherheitsprogrammen, die zwar häufig, aber nicht immer in den Anweisungen erwähnt werden.

1. ESET Online Scanner Log

Da ich alle Laufwerksbuchstaben von C: bis Q: für Laufwerke auf meinen 2 internen Festplatten vergeben habe und X: und Y: meinen DVD-Laufwerken zugeordnet sind. bleiben mir für die anzuschließenden externen Festplatten, USB-Sticks usw. nur die Laufwerksbuchstaben R, S, T, U, V, W, Z. Diese werden alle von meiner wchtigsten externen Festplatte gebraucht, da ich die 1-TB-Platte in so viele Partitionen aufgeteilt habe. Ich konnte deshalb nur diese Festplatte in den Scan einbeziehen. Was mache ich nun mit meiner 2. externen Festplatte und meinen USB-Sticks und Memory Cards? Und was mache ich mit meiner bei diesem Scan bereits mitgeprüften externen Festplatte, falls darauf Malware gefunden wurde? Die sollten ja laut Anweisung nicht removed werden.
Den sonst immer gut gefüllten Papierkorb brauchte ich nicht zu leeren. Als ich es versuchte, stellte er sich als leer heraus. Ich weiß nicht, wann das passiert sein soll.
Nach der Deinstallation von EsetOnlineScanner habe ich keinen Neustart gemacht, sondern habe sofort die vorher heruntergeladenen SecurityCheck und FRST64 ausgeführt, übrigens bei wieder ausgehängter externer Festplatte.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4490a11827839741a383f9aad52e6203
# engine=14899
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-26 05:07:55
# local_time=2013-08-26 07:07:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3993844 129123525 0 0
# scanned=818888
# found=15
# cleaned=0
# scan_time=19147
sh=7C7C9EDBC87E34854E9601352E7A7E42AAA7DD32 ft=1 fh=21738499146dcf55 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Program Files (x86)\Device Doctor\DDSmartScan.exe"
sh=9676A9F5A1A673137F1930432721631865A15B43 ft=1 fh=d7223b11f8c47e7a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\Anfangsnutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__Treiber\DeviceDoctor_Bundle.exe"
sh=A70F6102C2DAD2C2F5A1BC14813F73A612B0DC84 ft=1 fh=35b83bf5726d9d9d vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\Anfangsnutzer\Documents\Device Doctor (Treiber-Auflistung)\DeviceDoctor12_Bundle (setup).exe"
sh=A70F6102C2DAD2C2F5A1BC14813F73A612B0DC84 ft=1 fh=35b83bf5726d9d9d vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\Anfangsnutzer\Eigene Dateien\Device Doctor (Treiber-Auflistung)\DeviceDoctor12_Bundle (setup).exe"
sh=9676A9F5A1A673137F1930432721631865A15B43 ft=1 fh=d7223b11f8c47e7a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\siegmar\Anwendungsdaten\Microsoft\Windows\Start Menu\Programs\__Treiber\DeviceDoctor_Bundle.exe"
sh=9676A9F5A1A673137F1930432721631865A15B43 ft=1 fh=d7223b11f8c47e7a vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__Treiber\DeviceDoctor_Bundle.exe"
sh=00067BCE9705521028C689AC644118786E49FD6A ft=1 fh=969dc6ac9a0e14a9 vn="NSIS/TrojanDownloader.Agent.NNI trojan" ac=I fn="C:\Users\siegmar\Downloads\WK.1050.SB.Schlagbohrmaschine.Kingcraft.pdf.exe"
sh=4778C42E151FD27B02CDE908DCD475922C54D757 ft=1 fh=84d663c4b61fcd50 vn="a variant of Win32/Adware.ErrorClean application" ac=I fn="O:\neu auf intneu-Desktop\registryfix (dwnld051215).exe"
sh=5D50EE930FC2764944559F7076F14BA4E61CF573 ft=0 fh=0000000000000000 vn="JS/Agent.NEJ trojan" ac=I fn="P:\Windows_7\Anzeige\enable-use-adaptive-brightness-windows-7-Dateien\jquery.js"
sh=352A30FC031D595C56DBCAADA02785819365680E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="P:\Windows_7\Registry\Registry-Zugriffe unter Windows Vista 64Bit für 32Bit Anwendungen _ .NET und PDF Software.htm"
sh=74267BEB3B73299728C5324563F83A47527CE3AF ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="S:\Transfer BARTON - i3\Thunderbird (srwww 100530)\Profiles\qko74fas.srwww\eicar.com"
sh=74267BEB3B73299728C5324563F83A47527CE3AF ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="S:\3   Lw_N (+ alteTb-Profile srwww) (Dez_2010)\Profiles_100503\qko74fas.srwww\eicar.com"
sh=4778C42E151FD27B02CDE908DCD475922C54D757 ft=1 fh=84d663c4b61fcd50 vn="a variant of Win32/Adware.ErrorClean application" ac=I fn="W:\neu auf intneu-Desktop\registryfix (dwnld051215).exe"
sh=5D50EE930FC2764944559F7076F14BA4E61CF573 ft=0 fh=0000000000000000 vn="JS/Agent.NEJ trojan" ac=I fn="Z:\Windows_7\Anzeige\enable-use-adaptive-brightness-windows-7-Dateien\jquery.js"
sh=352A30FC031D595C56DBCAADA02785819365680E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="Z:\Windows_7\Registry\Registry-Zugriffe unter Windows Vista 64Bit für 32Bit Anwendungen _ .NET und PDF Software.htm"

2. SecurityCheck

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 xp-AntiSpy 3.98-2    
 Secunia PSI (3.0.0.7011)   
 HostsMan 3.2.73    
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.0    
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Mozilla Firefox (23.0.1) 
 Mozilla Thunderbird (17.0.8) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 WinPatrol winpatrol.exe 
 BillP Studios WinPatrol winpatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

3. Frisches FRST log

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013
Ran by siegmar (administrator) on 26-08-2013 09:36:12
Running from C:\Users\siegmar\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun32.bin
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] - C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [2423168 2012-05-29] (Crystal Rich Ltd)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DirectFolders] - C:\Program Files (x86)\Direct Folders\df.exe [272896 2010-06-03] (Code Sector Inc.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [systray] - C:\Windows\System32\systray.exe [9216 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [ZALFree] - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12999472 2013-07-22] (Zemana Ltd.)
HKU\Anfangsnutzer\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKU\Anfangsnutzer\...\Run: [everything] - C:\PROGRAM FILES (X86)\EVERYTHING\EVERYTHING.EXE [602624 2009-03-13] ()
HKU\Anfangsnutzer\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5629720 2013-01-23] (Piriform Ltd)
HKU\silvia\...\Run: [AutoSizer] - "C:\Program Files (x86)\AutoSizer\AutoSizer.exe" [x]
HKU\silvia\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup [x]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(1).dll [89936 2013-07-22] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll [82696 2013-07-22] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:12080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - SuRunExt.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Path=Profiles\e975fjdq.test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=8 - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 Super User Run (SuRun) Service; C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1473920 2012-05-29] (Crystal Rich Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-22] (Zemana Ltd.)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 PORTMON; \??\R:\6   MH\Installation\SysinternalsSuite_0502\PORTMSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 01:34 - 2013-08-26 01:34 - 00891115 ____C C:\Users\siegmar\Desktop\SecurityCheck.exe
2013-08-26 01:04 - 2013-08-26 01:04 - 02347384 ____C (ESET) C:\Users\siegmar\Downloads\esetsmartinstaller_enu.exe
2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:49 - 2013-08-25 03:56 - 00000000 ___DC C:\AdwCleaner
2013-08-25 03:42 - 2013-08-25 03:42 - 01021434 ____C (Thisisu) C:\Users\siegmar\Desktop\JRT.exe
2013-08-25 03:41 - 2013-08-25 03:41 - 00994642 ____C C:\Users\siegmar\Desktop\adwcleaner.exe
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 01:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 19:37 - 2013-08-24 19:37 - 00051749 ____C C:\ComboFix.zip
2013-08-24 17:39 - 2013-08-24 17:39 - 01174464 ____C C:\ComboFix.txt
2013-08-24 17:10 - 2013-08-24 17:39 - 00000000 ___DC C:\ComboFix
2013-08-24 17:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-24 17:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-24 17:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-24 17:09 - 2013-08-24 17:39 - 00000000 ___DC C:\Qoobox
2013-08-24 16:04 - 2013-08-24 16:04 - 05111180 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-24 02:08 - 2013-08-24 02:09 - 00036691 ____C C:\Users\siegmar\Desktop\Addition.txt
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 19:02 - 2013-07-22 18:10 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:15 - 2013-08-21 18:14 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 11:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-16 11:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-16 11:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-16 11:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-16 11:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-16 11:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 11:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 11:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 11:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 11:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 11:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 11:13 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 11:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 11:13 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 11:13 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 11:13 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 11:12 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-04 14:36 - 2013-08-21 12:19 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:34 - 2013-08-04 14:35 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:38 - 2013-08-03 01:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 00:17 - 2013-08-12 09:59 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-01 23:28 - 2013-08-01 23:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-07-31 14:33 - 2013-08-01 23:37 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-07-29 10:19 - 2013-07-29 10:32 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files

==================== One Month Modified Files and Folders =======

2013-08-26 09:33 - 2013-08-26 09:32 - 01577068 ____C (Farbar) C:\Users\siegmar\Desktop\FRST64.exe
2013-08-26 09:27 - 2012-07-05 07:51 - 00000000 ___DC C:\Users\siegmar\__Aktuelle Probleme
2013-08-26 06:23 - 2010-04-11 13:39 - 01260615 _____ C:\Windows\WindowsUpdate.log
2013-08-26 01:34 - 2013-08-26 01:34 - 00891115 ____C C:\Users\siegmar\Desktop\SecurityCheck.exe
2013-08-26 01:30 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 01:30 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 01:25 - 2012-12-03 11:54 - 00019005 _____ C:\Windows\setupact.log
2013-08-26 01:25 - 2011-07-22 18:21 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\USBSafelyRemove
2013-08-26 01:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 01:04 - 2013-08-26 01:04 - 02347384 ____C (ESET) C:\Users\siegmar\Downloads\esetsmartinstaller_enu.exe
2013-08-26 00:46 - 2009-07-14 19:58 - 00855588 _____ C:\Windows\system32\perfh007.dat
2013-08-26 00:46 - 2009-07-14 19:58 - 00205000 _____ C:\Windows\system32\perfc007.dat
2013-08-26 00:46 - 2009-07-14 07:13 - 01984690 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 17:13 - 2012-12-06 03:50 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-08-25 16:51 - 2011-07-24 19:03 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\USBSafelyRemove
2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:56 - 2013-08-25 03:49 - 00000000 ___DC C:\AdwCleaner
2013-08-25 03:42 - 2013-08-25 03:42 - 01021434 ____C (Thisisu) C:\Users\siegmar\Desktop\JRT.exe
2013-08-25 03:41 - 2013-08-25 03:41 - 00994642 ____C C:\Users\siegmar\Desktop\adwcleaner.exe
2013-08-25 03:28 - 2010-08-17 11:37 - 00429472 _____ C:\Windows\PFRO.log
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 19:37 - 2013-08-24 19:37 - 00051749 ____C C:\ComboFix.zip
2013-08-24 17:39 - 2013-08-24 17:39 - 01174464 ____C C:\ComboFix.txt
2013-08-24 17:39 - 2013-08-24 17:10 - 00000000 ___DC C:\ComboFix
2013-08-24 17:39 - 2013-08-24 17:09 - 00000000 ___DC C:\Qoobox
2013-08-24 17:39 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default
2013-08-24 17:37 - 2010-04-25 02:24 - 00000000 ____D C:\Windows\ERDNT
2013-08-24 17:34 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-08-24 16:04 - 2013-08-24 16:04 - 05111180 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-24 02:09 - 2013-08-24 02:08 - 00036691 ____C C:\Users\siegmar\Desktop\Addition.txt
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 18:16 - 2010-04-21 11:42 - 00000000 ___DC C:\Users\siegmar\Desktop\_deskcut
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-23 10:10 - 2010-11-05 19:06 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-22 17:42 - 2012-08-11 02:35 - 00000782 _____ C:\Windows\regscanner.cfg
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ___DC C:\Program Files\Microsoft Windows Performance Toolkit
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
2013-08-22 17:04 - 2010-08-24 00:56 - 00013948 ____C C:\Users\siegmar\Desktop\DesktopOK.ini
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-22 16:39 - 2013-02-17 17:11 - 00000000 ___DC C:\Users\Anfangsnutzer\__aktuelle Probleme
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:14 - 2013-08-21 18:15 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-21 12:19 - 2013-08-04 14:36 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 11:27 - 2013-02-21 17:55 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\PDF-Dateien
2013-08-21 11:05 - 2013-02-04 14:42 - 00000000 ____D C:\Users\siegmar\Documents\Reg-Datei-Exporte
2013-08-21 10:54 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-08-21 10:45 - 2011-01-08 18:50 - 00000000 ____D C:\Windows\pss
2013-08-21 10:08 - 2010-01-01 02:33 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 17:53 - 2012-12-05 17:55 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 11:16 - 2013-07-11 01:40 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 11:14 - 2010-04-12 18:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 00:53 - 2012-05-23 15:08 - 00000000 ___DC C:\ProgramData\SecTaskMan
2013-08-13 15:21 - 2013-03-21 20:54 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Neuer Ordner (4)
2013-08-12 17:25 - 2013-05-15 12:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-08-12 09:59 - 2013-08-02 00:17 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-09 17:24 - 2010-04-16 19:40 - 00000000 ___DC C:\Program Files\Classic Shell
2013-08-09 15:50 - 2011-07-25 01:52 - 00000000 ____D C:\Users\silvia\AppData\Roaming\USBSafelyRemove
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-07 19:10 - 2010-04-12 17:52 - 08126464 _____ C:\Users\Anfangsnutzer\ntuser.bak
2013-08-07 19:10 - 2010-04-12 17:52 - 00000000 ___DC C:\Users\Anfangsnutzer
2013-08-07 19:10 - 2009-07-14 04:34 - 80216064 _____ C:\Windows\system32\config\software.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 28573696 _____ C:\Windows\system32\config\system.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 04718592 _____ C:\Windows\system32\config\default.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00131072 _____ C:\Windows\system32\config\sam.bak
2013-08-07 10:39 - 2011-04-11 16:26 - 00000000 ___DC C:\ProgramData\AAV
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:35 - 2013-08-04 14:34 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-04 14:29 - 2010-10-07 16:36 - 00000000 __RDC C:\Users\siegmar\Desktop\_Aktuell
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:39 - 2013-08-03 01:38 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:39 - 2012-05-22 15:30 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 01:39 - 2010-07-29 17:42 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 23:06 - 2010-06-23 01:28 - 00000000 ___DC C:\Users\Administrator
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 09:01 - 2010-04-13 07:07 - 00192648 ____C C:\Users\Anfangsnutzer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 23:39 - 2011-02-05 15:01 - 00000000 __RDC C:\Users\Anfangsnutzer\.smplayer
2013-08-01 23:37 - 2013-07-31 14:33 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-08-01 23:32 - 2013-08-01 23:28 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-08-01 08:50 - 2010-04-20 10:49 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\ATViewer
2013-08-01 01:07 - 2010-09-14 17:49 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Google
2013-07-31 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-31 06:57 - 2012-11-01 16:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 01:19 - 2012-11-01 16:17 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-30 01:19 - 2012-04-11 16:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 01:19 - 2011-06-23 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-30 01:19 - 2010-06-02 12:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Adobe
2013-07-29 10:32 - 2013-07-29 10:19 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files
2013-07-28 02:25 - 2010-08-10 10:22 - 00000000 ____D C:\Users\siegmar\dwhelper
2013-07-28 01:29 - 2011-01-26 12:42 - 00000000 ___DC C:\Users\siegmar\.smplayer

Files to move or delete:
====================
C:\Users\siegmar\AppData\Local\Temp\Quarantine.exe
C:\Users\siegmar\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\siegmar\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\siegmar\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\siegmar\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\siegmar\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\siegmar\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\siegmar\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 18:37

==================== End Of Log ============================

--- --- ---

4. Ergebnis

Warum fragst du am Ende von Posting #8 „Noch Probleme?“? Ich sollte doch beim ESET Online Scan und bei FRST die Aktionen „Remove“ bzw. „Fix“ nicht durchführen. Und vom bloßen Log-Datei-Erstellen geht doch ein Schädling nicht weg? Er ist jedenfalls noch da.

schrauber · 26.08.2013, 13:37

Ist das ein Fujitsu Laptop?
SystemLookup - systray

Zitat:

C:\Program Files (x86)\Device Doctor\DDSmartScan.exe
C:\Users\Anfangsnutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__Treiber\DeviceDoctor_Bundle.exe
C:\Users\Anfangsnutzer\Documents\Device Doctor (Treiber-Auflistung)\DeviceDoctor12_Bundle (setup).exe
C:\Users\Anfangsnutzer\Eigene Dateien\Device Doctor (Treiber-Auflistung)\DeviceDoctor12_Bundle (setup).exe
C:\Users\siegmar\Anwendungsdaten\Microsoft\Windows\Start Menu\Programs\__Treiber\DeviceDoctor_Bundle.exe
C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__Treiber\DeviceDoctor_Bundle.exe
C:\Users\siegmar\Downloads\WK.1050.SB.Schlagbohrmaschine.Kingcraft.pdf.exe
O:\neu auf intneu-Desktop\registryfix (dwnld051215).exe
P:\Windows_7\Anzeige\enable-use-adaptive-brightness-windows-7-Dateien\jquery.js
P:\Windows_7\Registry\Registry-Zugriffe unter Windows Vista 64Bit für 32Bit Anwendungen _ .NET und PDF Software.htm
S:\Transfer BARTON - i3\Thunderbird (srwww 100530)\Profiles\qko74fas.srwww\eicar.com
S:\3 Lw_N (+ alteTb-Profile srwww) (Dez_2010)\Profiles_100503\qko74fas.srwww\eicar.com
W:\neu auf intneu-Desktop\registryfix (dwnld051215).exe
Z:\Windows_7\Anzeige\enable-use-adaptive-brightness-windows-7-Dateien\jquery.js
Z:\Windows_7\Registry\Registry-Zugriffe unter Windows Vista 64Bit für 32Bit Anwendungen _ .NET und PDF Software.htm

Device Doctor bitte deinstallieren. Die Sachen auf den anderne Laufwerken bitte von Hand löschen.

Holzpferd · 27.08.2013, 02:08

Hallo Schrauber,

Hier meine Aktionen:

Es ist kein Fujitsu-Laptop, sondern ein normaler Desktop-Computer (MidiTower) mit Mobo GIGABYTE H55M-USB3.
Device Doctor habe ich deinstalliert.
Die aufgelisteten Dateien habe ich gelöscht. Die erste davon (C:\Program Files (x86)\Device Doctor\DDSmartScan.exe) war nach der Deinstallation allerdings nicht mehr vorhanden.

Ergebnis:

Der WinPatrol New Program Alert „Systray .exe stub“ taucht immer noch auf.
Mein Kyocera USB-Laserdrucker sammelt die Aufträge ohne zu drucken. Doppelklick auf den wartenden Druckauftrag öffnet den Druckertreiber-Dialog mit ausgegrauten Items. Erst nach einem Win7-Neustart werden die gesammelten Druckaufträge ausgedruckt. Danach werden neue Druckaufträge wieder gesammelt. Dieser Fehler ist neu dazugekommen.
Der Startvorgang, der vorübergehend nur noch halb so lange dauerte, hat jetzt wieder den alten lahmen Verlauf: 2:30 Minuten bis das MSE Systray Icon grün wird und ca. 4 Minuten bis eine Internetverbindung über Firefox hergestellt ist. Die Halbierung der Startzeit, die dringend erwünscht ist, kam meines Wissens nach der Ausführung von Combofix zustande. Könnte ich das testweise noch einmal machen?

Gruß,
Holzpferd

schrauber · 27.08.2013, 10:53

Combofix löschen und neu laden, nochmal ausführen.
MSE mal komplett deinstallieren und neu installieren, ein AV PRogramm mit internen Fehlern bremst gerne den Rechner.

Drucker-Software mal neu installiert?

Poste bitte noch ein frisches FRST Logfile.

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Wählen Sie eine
Kopiere nun folgendes in die Suchleiste
Code:
ATTFilter
```
C:\Windows\System32\systray.exe
         
```
und klicke auf Öffnen.
Klicke auf Scannen!.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen

Zitat:

Diese Datei wurde bereits von VirusTotal analysiert...

klicke auf Neu analysieren.
Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Holzpferd · 28.08.2013, 10:21

Hallo Schrauber,

Einiges geht wieder, der WinPatrol Program Alert ist immer noch da.
Im Einzelnen:

1. Combofix

Nach dieser 2. Ausführung von Combofix waren MSE und Netzwerk glücklicherweise wieder wenige Sekunden nach Login funktionsfähig, und die Firefox-Startseite war wieder 2 Minuten früher da als in dem lahmen Zustand, der vor dem 1. Combofix-Lauf (Posting #2) und auch wieder kurz vor dem 2. Combofix-Lauf (Posting #12) herrschte.

Combofix.txt hat bei mir eine Dateigröße von 1146 kB. Deshalb konnte ich sie nicht hier in den Text kopieren, sondern musste sie komprimiert (51 kB) anhängen.

siehe Anlage

2. MSE neu installieren

Es war ein Microsoft FixIt nötig, um MSE deinstallieren zu können.

Bereits vor dieser Neu-Installation hatte ich festgestellt, dass der Microsoft Antimalware Service keinerlei Aktionen zuließ, egal ob als Administrator, mit SuRun oder im Administrator-Konto ausgeführt. Alles war und blieb ausgegraut. Das hat sich dann auch nach Neu-Installation von MSE nicht geändert. Bei der Gelegenheit habe ich festgestellt, dass eine Reihe anderer Dienste dasselbe Verhalten zeigt, insbesondere auch die Dienste, von denen Microsoft Antimalware Service abhängig ist, also:

DCOM-Server-Prozessstart
Remoteprozeduraufruf
RPC-Endpunktzuordnung.

Aus einem anderen Thread weiß ich, dass man z.B. Änderungen bei Starttyp oder Wiederherstellung vornehmen können sollte. Hast du aus deinem Werkzeugkasten da auch eine Reparaturmöglichkeit, oder sollte ich das Problem im Microsoft Answers Forum zur Sprache bringen?

3. Die Druckersoftware habe ich erfolgreich neu intalliert.

4. FRST Logfile

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by siegmar (administrator) on 28-08-2013 10:07:29
Running from C:\Users\siegmar\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun32.bin
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Nenad Hrg (SoftwareOK.com)) O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe
(ITSamples.com) C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Code Sector Inc.) C:\Program Files (x86)\Direct Folders\df.exe
(Code Sector Inc.) C:\Program Files (x86)\Direct Folders\df64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(FinePrint Software, LLC) C:\Windows\system32\spool\DRIVERS\x64\3\fpphelp4.exe
() C:\Users\siegmar\Downloads\FRST64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] - C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [2423168 2012-05-29] (Crystal Rich Ltd)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DirectFolders] - C:\Program Files (x86)\Direct Folders\df.exe [272896 2010-06-03] (Code Sector Inc.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [systray] - C:\Windows\System32\systray.exe [9216 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [ZALFree] - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12999472 2013-07-22] (Zemana Ltd.)
HKU\Anfangsnutzer\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKU\Anfangsnutzer\...\Run: [everything] - C:\PROGRAM FILES (X86)\EVERYTHING\EVERYTHING.EXE [602624 2009-03-13] ()
HKU\Anfangsnutzer\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5629720 2013-01-23] (Piriform Ltd)
HKU\silvia\...\Run: [AutoSizer] - "C:\Program Files (x86)\AutoSizer\AutoSizer.exe" [x]
HKU\silvia\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup [x]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(1).dll [89936 2013-07-22] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll [82696 2013-07-22] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:12080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - SuRunExt.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Path=Profiles\e975fjdq.test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=8 - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 Super User Run (SuRun) Service; C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1473920 2012-05-29] (Crystal Rich Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-22] (Zemana Ltd.)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 PORTMON; \??\R:\6   MH\Installation\SysinternalsSuite_0502\PORTMSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-28 10:04 - 2013-08-28 10:04 - 01579080 ____C (Farbar) C:\Users\siegmar\Desktop\FRST64.exe
2013-08-28 04:11 - 2013-08-28 04:11 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pdfFactory Pro
2013-08-28 03:43 - 2013-08-04 10:49 - 00596696 ____N (FinePrint Software, LLC) C:\Windows\system32\fppmon4.dll
2013-08-28 03:43 - 2013-08-04 10:49 - 00290008 ____N (FinePrint Software, LLC) C:\Windows\system32\fppr4-x64.dll
2013-08-28 02:18 - 2013-08-28 02:18 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
2013-08-28 02:07 - 2013-08-28 02:07 - 00000000 ___DC C:\MATS
2013-08-28 01:51 - 2013-08-28 01:51 - 00347424 ____C (Microsoft Corporation) C:\Users\siegmar\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34301077277468427.2.1.Run.exe
2013-08-28 01:50 - 2013-08-28 01:50 - 00347424 ____C (Microsoft Corporation) C:\Users\siegmar\Downloads\MicrosoftFixit.ProgramInstallUninstall.Run.exe
2013-08-28 01:05 - 2013-08-28 01:06 - 00000000 ____D C:\Users\siegmar\Downloads\KX_602726_UPD_Signed
2013-08-28 01:03 - 2013-08-28 01:03 - 06979288 ____C C:\Users\siegmar\Downloads\pdf481pro.exe
2013-08-27 18:58 - 2013-08-27 18:58 - 00000000 ____D C:\Users\siegmar\Downloads\Driver Deleter
2013-08-27 18:44 - 2013-08-27 18:45 - 69830424 ___RC C:\Users\siegmar\Downloads\KX_602726_UPD_Signed.zip
2013-08-27 17:57 - 2013-08-27 17:57 - 13842112 ____C (Microsoft Corporation) C:\Users\siegmar\Downloads\mseinstall(130827).exe
2013-08-27 17:21 - 2013-08-27 17:21 - 00051307 ____C C:\ComboFix.zip
2013-08-27 16:52 - 2013-08-27 16:52 - 01173241 ____C C:\ComboFix.txt
2013-08-27 16:13 - 2013-08-27 16:14 - 05113393 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-26 01:04 - 2013-08-26 01:04 - 02347384 ____C (ESET) C:\Users\siegmar\Downloads\esetsmartinstaller_enu.exe
2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:49 - 2013-08-25 03:56 - 00000000 ___DC C:\AdwCleaner
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 01:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 17:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-24 17:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-24 17:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-24 17:09 - 2013-08-27 16:52 - 00000000 ___DC C:\Qoobox
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 19:02 - 2013-07-22 18:10 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:15 - 2013-08-21 18:14 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 11:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-16 11:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-16 11:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-16 11:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-16 11:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-16 11:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 11:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 11:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 11:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 11:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 11:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 11:13 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 11:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 11:13 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 11:13 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 11:13 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 11:12 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-04 14:36 - 2013-08-21 12:19 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:34 - 2013-08-04 14:35 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:38 - 2013-08-03 01:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 00:17 - 2013-08-12 09:59 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-01 23:28 - 2013-08-01 23:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-07-31 14:33 - 2013-08-01 23:37 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-07-29 10:19 - 2013-07-29 10:32 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files

==================== One Month Modified Files and Folders =======

2013-08-28 10:06 - 2013-08-28 10:06 - 00038473 _____ C:\Users\siegmar\Downloads\FRST.txt
2013-08-28 10:04 - 2013-08-28 10:04 - 01579080 ____C (Farbar) C:\Users\siegmar\Desktop\FRST64.exe
2013-08-28 09:31 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 09:31 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 09:30 - 2010-04-11 13:39 - 01453947 _____ C:\Windows\WindowsUpdate.log
2013-08-28 09:26 - 2011-07-22 18:21 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\USBSafelyRemove
2013-08-28 09:25 - 2012-12-03 11:54 - 00020125 _____ C:\Windows\setupact.log
2013-08-28 09:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 04:11 - 2013-08-28 04:11 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pdfFactory Pro
2013-08-28 04:10 - 2010-04-12 18:50 - 00192648 ____C C:\Users\siegmar\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-28 04:09 - 2010-08-17 11:37 - 00432806 _____ C:\Windows\PFRO.log
2013-08-28 04:09 - 2009-07-14 06:45 - 00809080 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 04:07 - 2013-02-21 17:55 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\PDF-Dateien
2013-08-28 03:57 - 2010-05-24 08:08 - 00000000 ___DC C:\Program Files\Kyocera
2013-08-28 03:45 - 2011-07-24 19:03 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\USBSafelyRemove
2013-08-28 03:27 - 2013-02-04 14:42 - 00000000 ____D C:\Users\siegmar\Documents\PDF-Dateien
2013-08-28 03:27 - 2012-11-14 14:59 - 00000000 ____D C:\Users\silvia\Documents\PDF-Dateien
2013-08-28 02:18 - 2013-08-28 02:18 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
2013-08-28 02:18 - 2013-02-17 03:55 - 00000000 ___DC C:\Program Files\Microsoft Security Client
2013-08-28 02:18 - 2012-09-08 15:36 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-28 02:07 - 2013-08-28 02:07 - 00000000 ___DC C:\MATS
2013-08-28 01:51 - 2013-08-28 01:51 - 00347424 ____C (Microsoft Corporation) C:\Users\siegmar\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34301077277468427.2.1.Run.exe
2013-08-28 01:50 - 2013-08-28 01:50 - 00347424 ____C (Microsoft Corporation) C:\Users\siegmar\Downloads\MicrosoftFixit.ProgramInstallUninstall.Run.exe
2013-08-28 01:06 - 2013-08-28 01:05 - 00000000 ____D C:\Users\siegmar\Downloads\KX_602726_UPD_Signed
2013-08-28 01:03 - 2013-08-28 01:03 - 06979288 ____C C:\Users\siegmar\Downloads\pdf481pro.exe
2013-08-27 18:58 - 2013-08-27 18:58 - 00000000 ____D C:\Users\siegmar\Downloads\Driver Deleter
2013-08-27 18:45 - 2013-08-27 18:44 - 69830424 ___RC C:\Users\siegmar\Downloads\KX_602726_UPD_Signed.zip
2013-08-27 18:29 - 2010-04-21 11:42 - 00000000 ___DC C:\Users\siegmar\Desktop\_deskcut
2013-08-27 17:57 - 2013-08-27 17:57 - 13842112 ____C (Microsoft Corporation) C:\Users\siegmar\Downloads\mseinstall(130827).exe
2013-08-27 17:21 - 2013-08-27 17:21 - 00051307 ____C C:\ComboFix.zip
2013-08-27 16:52 - 2013-08-27 16:52 - 01173241 ____C C:\ComboFix.txt
2013-08-27 16:52 - 2013-08-24 17:09 - 00000000 ___DC C:\Qoobox
2013-08-27 16:48 - 2010-04-25 02:24 - 00000000 ____D C:\Windows\ERDNT
2013-08-27 16:48 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-08-27 16:14 - 2013-08-27 16:13 - 05113393 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-27 16:11 - 2012-12-06 03:50 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-08-27 12:14 - 2012-07-05 07:51 - 00000000 ___DC C:\Users\siegmar\__Aktuelle Probleme
2013-08-27 11:24 - 2010-08-18 02:58 - 00000000 ___DC C:\Program Files (x86)\SpeedFan
2013-08-27 03:24 - 2010-05-15 16:08 - 00000000 ____D C:\Users\siegmar\Sr Essentials
2013-08-27 01:32 - 2013-01-10 20:10 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\__Treiber
2013-08-27 01:30 - 2013-02-21 17:55 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Device Doctor (Treiber-Auflistung)
2013-08-26 23:30 - 2010-09-01 19:36 - 04868245 _____ C:\Windows\system32\Drivers\etc\HOSTS.bak
2013-08-26 01:04 - 2013-08-26 01:04 - 02347384 ____C (ESET) C:\Users\siegmar\Downloads\esetsmartinstaller_enu.exe
2013-08-26 00:46 - 2009-07-14 19:58 - 00855588 _____ C:\Windows\system32\perfh007.dat
2013-08-26 00:46 - 2009-07-14 19:58 - 00205000 _____ C:\Windows\system32\perfc007.dat
2013-08-26 00:46 - 2009-07-14 07:13 - 01984690 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:56 - 2013-08-25 03:49 - 00000000 ___DC C:\AdwCleaner
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 17:39 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH                                                       ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-23 10:10 - 2010-11-05 19:06 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-22 17:42 - 2012-08-11 02:35 - 00000782 _____ C:\Windows\regscanner.cfg
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ___DC C:\Program Files\Microsoft Windows Performance Toolkit
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
2013-08-22 17:04 - 2010-08-24 00:56 - 00013948 ____C C:\Users\siegmar\Desktop\DesktopOK.ini
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-22 16:39 - 2013-02-17 17:11 - 00000000 ___DC C:\Users\Anfangsnutzer\__aktuelle Probleme
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:14 - 2013-08-21 18:15 - 04322816 _____ (Zemana Ltd.                                                 ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-21 12:19 - 2013-08-04 14:36 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 11:05 - 2013-02-04 14:42 - 00000000 ____D C:\Users\siegmar\Documents\Reg-Datei-Exporte
2013-08-21 10:54 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-08-21 10:45 - 2011-01-08 18:50 - 00000000 ____D C:\Windows\pss
2013-08-21 10:08 - 2010-01-01 02:33 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 17:53 - 2012-12-05 17:55 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 11:16 - 2013-07-11 01:40 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 11:14 - 2010-04-12 18:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 00:53 - 2012-05-23 15:08 - 00000000 ___DC C:\ProgramData\SecTaskMan
2013-08-13 15:21 - 2013-03-21 20:54 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Neuer Ordner (4)
2013-08-12 17:25 - 2013-05-15 12:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-08-12 09:59 - 2013-08-02 00:17 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-09 17:24 - 2010-04-16 19:40 - 00000000 ___DC C:\Program Files\Classic Shell
2013-08-09 15:50 - 2011-07-25 01:52 - 00000000 ____D C:\Users\silvia\AppData\Roaming\USBSafelyRemove
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-07 19:10 - 2010-04-12 17:52 - 08126464 _____ C:\Users\Anfangsnutzer\ntuser.bak
2013-08-07 19:10 - 2010-04-12 17:52 - 00000000 ___DC C:\Users\Anfangsnutzer
2013-08-07 19:10 - 2009-07-14 04:34 - 80216064 _____ C:\Windows\system32\config\software.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 28573696 _____ C:\Windows\system32\config\system.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 04718592 _____ C:\Windows\system32\config\default.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00131072 _____ C:\Windows\system32\config\sam.bak
2013-08-07 10:39 - 2011-04-11 16:26 - 00000000 ___DC C:\ProgramData\AAV
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:35 - 2013-08-04 14:34 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-04 14:29 - 2010-10-07 16:36 - 00000000 __RDC C:\Users\siegmar\Desktop\_Aktuell
2013-08-04 10:49 - 2013-08-28 03:43 - 00596696 ____N (FinePrint Software, LLC) C:\Windows\system32\fppmon4.dll
2013-08-04 10:49 - 2013-08-28 03:43 - 00290008 ____N (FinePrint Software, LLC) C:\Windows\system32\fppr4-x64.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:39 - 2013-08-03 01:38 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:39 - 2012-05-22 15:30 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 01:39 - 2010-07-29 17:42 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 23:06 - 2010-06-23 01:28 - 00000000 ___DC C:\Users\Administrator
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 09:01 - 2010-04-13 07:07 - 00192648 ____C C:\Users\Anfangsnutzer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 23:39 - 2011-02-05 15:01 - 00000000 __RDC C:\Users\Anfangsnutzer\.smplayer
2013-08-01 23:37 - 2013-07-31 14:33 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-08-01 23:32 - 2013-08-01 23:28 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-08-01 08:50 - 2010-04-20 10:49 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\ATViewer
2013-08-01 01:07 - 2010-09-14 17:49 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Google
2013-07-31 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-31 06:57 - 2012-11-01 16:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 01:19 - 2012-11-01 16:17 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-30 01:19 - 2012-04-11 16:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 01:19 - 2011-06-23 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-30 01:19 - 2010-06-02 12:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Adobe
2013-07-29 10:32 - 2013-07-29 10:19 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 18:37

==================== End Of Log ============================

--- --- ---

5. Virustotal-Prüfung von systray.exe

Hier ist der Link:

https://www.virustotal.com/de/file/470d84a5425d094701a21b56eded601654a9fe751a9517b20195390af93777a0/analysis/1377677798/

Gruß und Dank
Holzpferd

schrauber · 28.08.2013, 13:30

Dienste checken wir mal:

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Holzpferd · 28.08.2013, 16:32

Code:

ATTFilter

Farbar Service Scanner Version: 18-08-2013
Ran by siegmar (administrator) on 28-08-2013 at 17:21:17
Running from "C:\Users\siegmar\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Da ist ja so gut wie gar nichts ausgefüllt. Habe ich da was falsch gemacht beim Erstellen von FSS.txt oder liegt da der Hund (meines Problems) begraben?

Da steht z.B. was über Defender, den ich gar nicht verwende, aber über meine Firewall, die aktiviert ist, steht nichts.