IE 10 speichert Seiten anstatt zu öffnen

Almidagu · 03.09.2013, 12:54

Guten Tag,

seit ein paar Tagen kann ich mit dem Internet Explorer 10 keine Internetseite anschauen. Als ich IE 10 starte, erscheint kurzfristig das IE-Fenster und dann kommt das Fenster „Downloads anzeigen“ mit dem Vorschlag, die angerufene Seite zu speichern.

Bei mir läuft Windows 7 Pro 64bit, alle Updates sind installiert. Mein Antivirus-Programm ist Windows Security Essentials und ich habe alles gescannt - nichts. Das Malwarebytes Anti-Malware Programm hat auch nichts gefunden, FRST64 – auch nichts, AdwCleaner – auch nichts.

Bitte um Hilfe. Danke im Voraus.
Grüße, Almidagu

schrauber · 03.09.2013, 13:01

hi,

Zitat:

FRST64 – auch nichts

halte ich für ein Gerücht, das Log war mit Sicherheit nicht leer. Oder hast Du irgendwo gelernt so ein Log auszuwerten und kommt deswegen zu der Aussage?

Almidagu · 03.09.2013, 17:21

Hallo @schrauber,

vielen Dank für Dein Interesse. Hier ist der Inhalt von FRST.txt:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 05
Ran by XXXXX (administrator) on PPPCCC on 02-09-2013 22:15:42
Running from D:\Users\XXXXX\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\VMware\VMware Workstation\vmware-authd.exe
() C:\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(VMware, Inc.) C:\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(VMware, Inc.) C:\VMware\VMware Workstation\vmware.exe
(VMware, Inc.) C:\VMware\VMware Workstation\vmware-unity-helper.exe
(VMware, Inc.) C:\VMware\VMware Workstation\x64\vmware-vmx.exe
(VMware, Inc.) C:\VMware\VMware Workstation\vprintproxy.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 
[497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install 
/silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [1] - D:\Users\XXXXX\Desktop\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p [218184 2012-08-15] ()
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1835008 2012-07-05] 
(Elgato Systems)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7307352 2013-08-12] (SlySoft, Inc.)
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
MountPoints2: {22f27282-385a-11e2-9206-0013d4641034} - O:\LaunchU3.exe -a
MountPoints2: {5641443a-1ffb-11e2-806f-0013d4641034} - "O:\WD SmartWare.exe" autoplay=true
MountPoints2: {c2c93d7c-ce3a-11e1-a3e6-0013d4641034} - O:\AutoRun.exe
MountPoints2: {c2c93d80-ce3a-11e1-a3e6-0013d4641034} - O:\AutoRun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe 
Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-
03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] 
(Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager
\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 
2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-
10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EMET Notifier] - C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe 
[90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\VMware\VMware Workstation\vmware-tray.exe [104088 2012-08-15] (VMware, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] 
(Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] 
(Oracle Corporation)
Startup: D:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
Startup: D:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://translate.google.de/?hl=de&tab=wT
hxxp://www.mydealz.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9D2220A6-251A-4C82-982A-12A67A9E9EEF} URL = hxxp://de.wikipedia.org/w/index.php?
title=Spezial:Suche&search={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL 
(Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle 
Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL 
(Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll 
(Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll 
(Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files
\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL 
(Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin
\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat
\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat
\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TERRATEC
\TERRAT~2\THCDES~1.DLL (TerraTec Electronic GmbH)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype 
Technologies)
Handler-x32: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows
\SysWow64\textwareilluminatorbaseProtocol.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE
\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro 
Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes 
Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes 
Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2013-08-02] ()
R2 VMAuthdService; C:\VMware\VMware Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.)
R2 VMwareHostd; C:\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] ()
S4 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R0 3wareDrv; C:\Windows\System32\DRIVERS\3wareDrv.sys [125224 2011-08-11] (LSI)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-12-28] (AVG Technologies)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 Cinergy_HT_PCI_MKII; C:\Windows\System32\DRIVERS\Cinergy_HT_PCI_MKII.sys [271656 2012-10-31] (TerraTec Electronic GmbH.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-08-15] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 22:16 - 2013-09-02 22:16 - 00010688 _____ D:\Temp\log1
2013-09-02 22:16 - 2013-09-02 22:16 - 00005084 _____ D:\Temp\ads000
2013-09-02 22:15 - 2013-09-02 22:16 - 00013165 _____ D:\Temp\frstlog
2013-09-02 22:15 - 2013-09-02 22:15 - 00063842 _____ D:\Temp\modules00
2013-09-02 22:15 - 2013-09-02 22:15 - 00000057 _____ D:\Temp\users00
2013-09-02 22:15 - 2013-09-02 22:15 - 00000003 _____ D:\Temp\others
2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D C:\FRST
2013-09-02 22:14 - 2013-09-02 22:13 - 01951954 _____ (Farbar) D:\Users\XXXXX\Desktop\FRST64.exe
2013-09-02 22:09 - 2013-09-02 22:09 - 00000478 _____ D:\Users\XXXXX\Desktop\defogger_disable.log
2013-09-02 21:55 - 2013-09-02 21:55 - 00000000 _____ D:\Temp\CVR4AFF.tmp.cvr
2013-09-02 21:48 - 2013-09-02 21:47 - 01898112 _____ (Bleeping Computer, LLC) D:\Users\XXXXX\Desktop\rkill.exe
2013-09-02 21:25 - 2013-09-02 21:25 - 00000000 ____D D:\Users\XXXXX\Desktop\mbam-chameleon-1.62.1.1000
2013-09-02 21:24 - 2013-09-02 16:55 - 01440846 _____ D:\Users\XXXXX\Documents\mbam-chameleon-1.62.1.1000.zip
2013-09-02 21:22 - 2013-09-02 21:22 - 00511801 _____ D:\Users\XXXXX\Downloads\usb.txt
2013-09-02 15:00 - 2013-09-02 14:59 - 10285040 _____ (Malwarebytes Corporation                                    ) D:\Users
\XXXXX\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-02 10:55 - 2013-09-02 10:55 - 00000000 ____D D:\Temp\WPDNSE
2013-09-02 10:55 - 2013-09-02 10:55 - 00000000 ____D D:\Temp\e4jDD6A.tmp_dir1378112105
2013-09-02 10:55 - 2013-09-02 10:55 - 00000000 _____ D:\Temp\e4jDD6A.tmp
2013-09-02 10:53 - 2013-09-02 10:53 - 00000000 ____D D:\Temp\e4j7E09.tmp_dir1378112016
2013-09-02 10:53 - 2013-09-02 10:53 - 00000000 _____ D:\Temp\e4j7E09.tmp
2013-09-02 01:55 - 2013-09-02 01:55 - 00000277 _____ D:\Temp\i4j3802507429236706883.tmp
2013-09-02 01:54 - 2013-09-02 01:54 - 00000277 _____ D:\Temp\i4j2731781772879243307.tmp
2013-09-02 01:38 - 2013-09-02 01:38 - 00000000 _____ D:\Temp\CVR58ED.tmp.cvr
2013-09-02 01:35 - 2013-09-02 01:35 - 00000000 _____ D:\Temp\CVR6A2C.tmp.cvr
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 ____D D:\Temp\e4jD532.tmp_dir1378078061
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 ____D D:\Temp\e4j86C4.tmp_dir1378078041
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 _____ D:\Temp\e4jD532.tmp
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 _____ D:\Temp\e4j86C4.tmp
2013-09-02 01:25 - 2013-09-02 01:25 - 00000277 _____ D:\Temp\i4j2221155456125459922.tmp
2013-09-02 01:22 - 2013-09-02 01:22 - 00000087 _____ D:\Users\XXXXX\Documents\333.txt
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D D:\Temp\e4jE399.tmp_dir1378077458
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D D:\Temp\e4j8608.tmp_dir1378077434
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 _____ D:\Temp\e4jE399.tmp
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 _____ D:\Temp\e4j8608.tmp
2013-09-02 00:35 - 2013-09-02 00:35 - 00000277 _____ D:\Temp\i4j6260075899777511513.tmp
2013-09-02 00:32 - 2013-09-02 21:50 - 00003538 _____ D:\Users\XXXXX\Desktop\Rkill.txt
2013-09-02 00:04 - 2013-09-02 00:04 - 00000005 _____ D:\Temp\Version.txt
2013-09-01 23:36 - 2013-09-01 23:36 - 00000000 ____D D:\Temp\e4jF963.tmp_dir1378071372
2013-09-01 23:36 - 2013-09-01 23:36 - 00000000 _____ D:\Temp\e4jF963.tmp
2013-09-01 23:35 - 2013-09-01 23:35 - 00000000 ____D D:\Temp\e4j8DA9.tmp_dir1378071345
2013-09-01 23:35 - 2013-09-01 23:35 - 00000000 _____ D:\Temp\e4j8DA9.tmp
2013-08-15 20:39 - 2013-08-15 20:39 - 00000000 _____ D:\Temp\i4jd6898637189706322670.exe
2013-08-15 20:38 - 2013-08-15 20:38 - 00000000 _____ D:\Temp\i4jd2117242664653505700.exe
2013-08-15 20:36 - 2013-08-15 20:36 - 00098304 _____ D:\Temp\~DF50DFD888D5D05E13.TMP
2013-08-15 20:08 - 2013-08-15 20:08 - 00000000 ____D D:\Temp\lilo.6576
2013-08-15 18:20 - 2013-08-15 18:20 - 00000000 _____ D:\Temp\CVR428B.tmp.cvr
2013-08-15 17:50 - 2013-08-15 17:50 - 00000000 ____D D:\Temp\HDW20_TMP
2013-08-15 09:41 - 2013-08-15 17:34 - 00000000 ____D D:\Temp\e4j8F4F.tmp_dir1376552477
2013-08-15 09:41 - 2013-08-15 17:34 - 00000000 ____D D:\Temp\e4j1519.tmp_dir1376552511
2013-08-14 22:59 - 2013-08-15 18:24 - 00000000 ____D D:\Users\XXXXX\Documents\Route
2013-08-14 22:58 - 2013-08-14 22:58 - 01183133 ____N D:\Users\XXXXX\Documents\Fahrtenplanung.zip
2013-08-13 22:10 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 22:10 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 22:10 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 22:10 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 22:10 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 22:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 22:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 22:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-13 22:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-13 22:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 22:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 22:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 22:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 22:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-13 22:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 22:03 - 2013-08-13 22:09 - 35150274 _____ D:\Temp\KB2840628v2_20130813_220339704-Microsoft .NET Framework 4 Client 
Profile-MSP0.txt
2013-08-13 22:03 - 2013-08-13 22:09 - 00066738 _____ D:\Temp\KB2840628v2_20130813_220339704.html
2013-08-13 22:03 - 2013-08-13 22:03 - 00000000 ____D D:\Temp\KB2840628v2_10.0.30319
2013-08-13 21:58 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 21:58 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 21:58 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 21:58 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 21:58 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 21:58 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 21:58 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 21:58 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 21:58 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 21:58 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 21:58 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 21:58 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 21:57 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 21:57 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 21:56 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 21:56 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 21:56 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 21:56 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 21:56 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 21:56 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 21:56 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 21:56 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 21:56 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 21:56 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 21:56 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 21:55 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 21:54 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 21:33 - 2013-08-13 21:33 - 10180080 _____ D:\Users\XXXXX\Downloads\SetupAnyDVD7310.exe
2013-08-12 10:40 - 2013-08-13 21:34 - 00000999 _____ D:\Users\Public\Desktop\AnyDVD.lnk
2013-08-12 10:40 - 2013-08-12 10:40 - 10175272 _____ D:\Users\XXXXX\Downloads\SetupAnyDVD7300.exe
2013-08-11 15:38 - 2013-08-11 15:38 - 00010305 _____ D:\Users\XXXXX\Documents\YYYYY.xlsx
2013-08-08 23:42 - 2013-09-02 01:55 - 00035224 _____ D:\Temp\i4jdel0.exe
2013-08-08 13:13 - 2013-08-08 13:13 - 28120264 _____ D:\Users\XXXXX\Downloads\serviio-1.3-win-setup.exe
2013-08-04 19:29 - 2013-08-04 19:29 - 00000000 ____D C:\00000

==================== One Month Modified Files and Folders =======

2013-09-02 22:16 - 2013-09-02 22:16 - 00010688 _____ D:\Temp\log1
2013-09-02 22:16 - 2013-09-02 22:16 - 00005084 _____ D:\Temp\ads000
2013-09-02 22:16 - 2013-09-02 22:15 - 00013165 _____ D:\Temp\frstlog
2013-09-02 22:15 - 2013-09-02 22:15 - 00063842 _____ D:\Temp\modules00
2013-09-02 22:15 - 2013-09-02 22:15 - 00000057 _____ D:\Temp\users00
2013-09-02 22:15 - 2013-09-02 22:15 - 00000003 _____ D:\Temp\others
2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D C:\FRST
2013-09-02 22:13 - 2013-09-02 22:14 - 01951954 _____ (Farbar) D:\Users\XXXXX\Desktop\FRST64.exe
2013-09-02 22:09 - 2013-09-02 22:09 - 00000478 _____ D:\Users\XXXXX\Desktop\defogger_disable.log
2013-09-02 22:05 - 2012-03-28 11:34 - 00000000 ____D D:\Users\XXXXX\Documents\Outlook-Dateien
2013-09-02 21:55 - 2013-09-02 21:55 - 00000000 _____ D:\Temp\CVR4AFF.tmp.cvr
2013-09-02 21:53 - 2013-02-10 21:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 21:50 - 2013-09-02 00:32 - 00003538 _____ D:\Users\XXXXX\Desktop\Rkill.txt
2013-09-02 21:47 - 2013-09-02 21:48 - 01898112 _____ (Bleeping Computer, LLC) D:\Users\XXXXX\Desktop\rkill.exe
2013-09-02 21:42 - 2012-03-27 22:39 - 00665080 _____ D:\Temp\StructuredQuery.log
2013-09-02 21:25 - 2013-09-02 21:25 - 00000000 ____D D:\Users\XXXXX\Desktop\mbam-chameleon-1.62.1.1000
2013-09-02 21:22 - 2013-09-02 21:22 - 00511801 _____ D:\Users\XXXXX\Downloads\usb.txt
2013-09-02 21:10 - 2012-03-29 00:01 - 00000000 ____D D:\Users\XXXXX\AppData\Roaming\Skype
2013-09-02 18:22 - 2012-02-19 19:58 - 01754163 _____ C:\Windows\WindowsUpdate.log
2013-09-02 16:55 - 2013-09-02 21:24 - 01440846 _____ D:\Users\XXXXX\Documents\mbam-chameleon-1.62.1.1000.zip
2013-09-02 16:44 - 2012-12-13 23:34 - 01758956 _____ D:\Temp\MpCmdRun.log
2013-09-02 16:18 - 2013-03-07 10:02 - 00000000 ____D D:\Temp\acrord32_sbx
2013-09-02 16:12 - 2012-03-27 22:29 - 00076118 _____ D:\Temp\AdobeARM.log
2013-09-02 15:03 - 2013-01-17 16:46 - 00000987 _____ D:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 15:03 - 2013-01-17 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:59 - 2013-09-02 15:00 - 10285040 _____ (Malwarebytes Corporation                                    ) D:\Users
\XXXXX\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-02 11:26 - 2012-04-06 21:37 - 00000000 ____D D:\Temp\Acrobat Distiller 10
2013-09-02 11:25 - 2012-03-30 10:11 - 00090342 _____ D:\Temp\amt3.log
2013-09-02 11:21 - 2012-03-30 09:12 - 00008783 _____ D:\Temp\swtag.log
2013-09-02 11:12 - 2012-12-14 11:13 - 00282136 _____ D:\Temp\PDApp.log
2013-09-02 11:02 - 2009-07-14 06:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-
A289-439d-8115-601632D005A0
2013-09-02 11:02 - 2009-07-14 06:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-
A289-439d-8115-601632D005A0
2013-09-02 11:01 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-02 11:00 - 2013-01-18 15:32 - 00000000 ____D D:\Temp\vmware-XXXXX
2013-09-02 11:00 - 2012-03-30 20:06 - 00341868 _____ D:\Temp\jusched.log
2013-09-02 10:58 - 2013-01-18 15:32 - 00000000 ____D D:\Users\XXXXX\AppData\Roaming\VMware
2013-09-02 10:55 - 2013-09-02 10:55 - 00000000 ____D D:\Temp\WPDNSE
2013-09-02 10:55 - 2013-09-02 10:55 - 00000000 ____D D:\Temp\e4jDD6A.tmp_dir1378112105
2013-09-02 10:55 - 2013-09-02 10:55 - 00000000 _____ D:\Temp\e4jDD6A.tmp
2013-09-02 10:55 - 2012-03-30 20:07 - 00000000 ____D D:\Temp\hsperfdata_XXXXX
2013-09-02 10:53 - 2013-09-02 10:53 - 00000000 ____D D:\Temp\e4j7E09.tmp_dir1378112016
2013-09-02 10:53 - 2013-09-02 10:53 - 00000000 _____ D:\Temp\e4j7E09.tmp
2013-09-02 10:53 - 2013-01-18 14:58 - 00000000 ____D D:\Temp\vmware-SYSTEM
2013-09-02 10:53 - 2012-12-25 16:57 - 00025286 _____ C:\Windows\setupact.log
2013-09-02 10:53 - 2012-04-01 11:49 - 00000000 ____D D:\Temp\hsperfdata_PPPCCC$
2013-09-02 10:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 01:55 - 2013-09-02 01:55 - 00000277 _____ D:\Temp\i4j3802507429236706883.tmp
2013-09-02 01:55 - 2013-08-08 23:42 - 00035224 _____ D:\Temp\i4jdel0.exe
2013-09-02 01:54 - 2013-09-02 01:54 - 00000277 _____ D:\Temp\i4j2731781772879243307.tmp
2013-09-02 01:38 - 2013-09-02 01:38 - 00000000 _____ D:\Temp\CVR58ED.tmp.cvr
2013-09-02 01:35 - 2013-09-02 01:35 - 00000000 _____ D:\Temp\CVR6A2C.tmp.cvr
2013-09-02 01:35 - 2009-07-14 19:58 - 00656872 _____ C:\Windows\system32\perfh007.dat
2013-09-02 01:35 - 2009-07-14 19:58 - 00131270 _____ C:\Windows\system32\perfc007.dat
2013-09-02 01:35 - 2009-07-14 07:13 - 01507084 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 ____D D:\Temp\e4jD532.tmp_dir1378078061
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 ____D D:\Temp\e4j86C4.tmp_dir1378078041
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 _____ D:\Temp\e4jD532.tmp
2013-09-02 01:27 - 2013-09-02 01:27 - 00000000 _____ D:\Temp\e4j86C4.tmp
2013-09-02 01:25 - 2013-09-02 01:25 - 00000277 _____ D:\Temp\i4j2221155456125459922.tmp
2013-09-02 01:23 - 2013-07-30 12:09 - 00011728 _____ D:\Temp\JavaDeployReg.log
2013-09-02 01:22 - 2013-09-02 01:22 - 00000087 _____ D:\Users\XXXXX\Documents\333.txt
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D D:\Temp\e4jE399.tmp_dir1378077458
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 ____D D:\Temp\e4j8608.tmp_dir1378077434
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 _____ D:\Temp\e4jE399.tmp
2013-09-02 01:17 - 2013-09-02 01:17 - 00000000 _____ D:\Temp\e4j8608.tmp
2013-09-02 00:35 - 2013-09-02 00:35 - 00000277 _____ D:\Temp\i4j6260075899777511513.tmp
2013-09-02 00:23 - 2013-07-07 21:22 - 00000000 ____D D:\Users\XXXXX\Downloads\OTL
2013-09-02 00:04 - 2013-09-02 00:04 - 00000005 _____ D:\Temp\Version.txt
2013-09-01 23:36 - 2013-09-01 23:36 - 00000000 ____D D:\Temp\e4jF963.tmp_dir1378071372
2013-09-01 23:36 - 2013-09-01 23:36 - 00000000 _____ D:\Temp\e4jF963.tmp
2013-09-01 23:35 - 2013-09-01 23:35 - 00000000 ____D D:\Temp\e4j8DA9.tmp_dir1378071345
2013-09-01 23:35 - 2013-09-01 23:35 - 00000000 _____ D:\Temp\e4j8DA9.tmp
2013-08-15 20:39 - 2013-08-15 20:39 - 00000000 _____ D:\Temp\i4jd6898637189706322670.exe
2013-08-15 20:38 - 2013-08-15 20:38 - 00000000 _____ D:\Temp\i4jd2117242664653505700.exe
2013-08-15 20:36 - 2013-08-15 20:36 - 00098304 _____ D:\Temp\~DF50DFD888D5D05E13.TMP
2013-08-15 20:08 - 2013-08-15 20:08 - 00000000 ____D D:\Temp\lilo.6576
2013-08-15 19:41 - 2012-08-11 23:56 - 00000190 _____ C:\.dir
2013-08-15 19:03 - 2012-03-28 11:33 - 00000000 ____D D:\Temp\Outlook-Protokoll
2013-08-15 18:24 - 2013-08-14 22:59 - 00000000 ____D D:\Users\XXXXX\Documents\Route
2013-08-15 18:20 - 2013-08-15 18:20 - 00000000 _____ D:\Temp\CVR428B.tmp.cvr
2013-08-15 18:10 - 2012-07-11 07:59 - 00000000 ____D C:\HDW20_TMP
2013-08-15 17:50 - 2013-08-15 17:50 - 00000000 ____D D:\Temp\HDW20_TMP
2013-08-15 17:34 - 2013-08-15 09:41 - 00000000 ____D D:\Temp\e4j8F4F.tmp_dir1376552477
2013-08-15 17:34 - 2013-08-15 09:41 - 00000000 ____D D:\Temp\e4j1519.tmp_dir1376552511
2013-08-15 15:07 - 2012-12-13 23:02 - 00000000 ____D D:\Temp\msohtmlclip1
2013-08-14 22:58 - 2013-08-14 22:58 - 01183133 ____N D:\Users\XXXXX\Documents\Fahrtenplanung.zip
2013-08-14 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-13 22:09 - 2013-08-13 22:03 - 35150274 _____ D:\Temp\KB2840628v2_20130813_220339704-Microsoft .NET Framework 4 Client 
Profile-MSP0.txt
2013-08-13 22:09 - 2013-08-13 22:03 - 00066738 _____ D:\Temp\KB2840628v2_20130813_220339704.html
2013-08-13 22:03 - 2013-08-13 22:03 - 00000000 ____D D:\Temp\KB2840628v2_10.0.30319
2013-08-13 22:03 - 2013-07-11 09:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 22:03 - 2012-04-11 09:38 - 00043849 _____ D:\Temp\dd_clwireg.txt
2013-08-13 22:00 - 2012-02-20 09:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 21:34 - 2013-08-12 10:40 - 00000999 _____ D:\Users\Public\Desktop\AnyDVD.lnk
2013-08-13 21:33 - 2013-08-13 21:33 - 10180080 _____ D:\Users\XXXXX\Downloads\SetupAnyDVD7310.exe
2013-08-12 11:09 - 2012-07-19 16:45 - 00000000 ____D D:\Users\XXXXX\AppData\Roaming\vlc
2013-08-12 10:40 - 2013-08-12 10:40 - 10175272 _____ D:\Users\XXXXX\Downloads\SetupAnyDVD7300.exe
2013-08-11 15:38 - 2013-08-11 15:38 - 00010305 _____ D:\Users\XXXXX\Documents\YYYYY.xlsx
2013-08-08 21:26 - 2012-02-20 09:05 - 00025806 _____ C:\Windows\PFRO.log
2013-08-08 13:13 - 2013-08-08 13:13 - 28120264 _____ D:\Users\XXXXX\Downloads\serviio-1.3-win-setup.exe
2013-08-05 23:32 - 2013-07-26 18:15 - 00000000 ____D D:\Temp\MPInstrumentation
2013-08-04 19:29 - 2013-08-04 19:29 - 00000000 ____D C:\00000

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3960444725-528725032-619687768-1002\$2da68a42dc8676462a725f652fe7d534

Files to move or delete:
====================
D:\Temp\FRST64__2594_il1013973.exe
D:\Temp\i4jd2117242664653505700.exe
D:\Temp\i4jd2233005699919653475.exe
D:\Temp\i4jd6898637189706322670.exe
D:\Temp\i4jdel0.exe
D:\Temp\SkypeSetup.exe
D:\Temp\vmware-XXXXX\VMwareDnD\d7c12f06\rkill.exe
D:\Temp\vmware-XXXXX\VMwareDnD\cfc9476e\mbam-setup-1.75.0.1300.exe
D:\Temp\vmware-XXXXX\VMwareDnD\909eb288\windows6.1-KB976932-X64.exe
D:\Temp\vmware-XXXXX\VMwareDnD\5c48b3ab\FRST64.exe
D:\Temp\vmware-XXXXX\VMwareDnD\4b43ca8d\4Videosoft DVD Ripper Platinum 5.1.6\dvd-ripper-platinum.exe
D:\Temp\vmware-XXXXX\VMwareDnD\0bb6001f\Defogger.exe
D:\Temp\e4jF963.tmp_dir1378071372\i4jdel.exe
D:\Temp\e4jE399.tmp_dir1378077458\i4jdel.exe
D:\Temp\e4jDD6A.tmp_dir1378112105\i4jdel.exe
D:\Temp\e4jD532.tmp_dir1378078061\i4jdel.exe
D:\Temp\e4j8DA9.tmp_dir1378071345\i4jdel.exe
D:\Temp\e4j86C4.tmp_dir1378078041\i4jdel.exe
D:\Temp\e4j8608.tmp_dir1378077434\i4jdel.exe
D:\Temp\e4j7E09.tmp_dir1378112016\i4jdel.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 10:04

==================== End Of Log ============================

--- --- ---

--- --- ---

Ich habe nichts „Interessantes“ gefunden. Vielleicht gibt es was…

Grüße
Almidagu

schrauber · 03.09.2013, 20:41

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Almidagu · 04.09.2013, 11:27

Hallo @schrauber,

ich bin sprachlos! Das Programm ComboFix hat die infizierte Datei gefunden und korrigiert: mshtml.dll.

Wie ich ausprobiert habe, funktioniert alles ohne Problem.

Herzlich bedanke ich mich bei Dir.

Auf jeden Fall zeige ich den Inhalt der Log-Datei:

[CODE]
Combofix Logfile:

Code:

ATTFilter

ComboFix 13-09-02.02 - XXXXX 03.09.2013  23:39:45.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2816.386 [GMT 2:00]
ausgeführt von:: d:\users\XXXXX\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\users\XXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1BF85D47-BCF4-497F-9289-C74C723E30B2}.xps
d:\users\XXXXX\videos\Slide Show Marina.exe
.
Infizierte Kopie von c:\windows\SysWow64\mshtml.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20768_none_849171bee0b28b34\mshtml.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-03 bis 2013-09-03  ))))))))))))))))))))))))))))))
.
.
2013-09-03 06:01 . 2013-09-03 06:03	--------	d-----w-	d:\users\Wir
2013-09-03 05:39 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9432DF5A-D00D-4298-A148-8E0C789FDF13}\mpengine.dll
2013-09-02 20:15 . 2013-09-02 20:15	--------	d-----w-	C:\FRST
2013-09-01 21:51 . 2013-09-01 21:42	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92609967-2EA7-4FE4-9BD7-2F467031AF5A}\gapaengine.dll
2013-09-01 21:47 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-13 20:10 . 2013-07-26 03:35	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-08-13 20:10 . 2013-07-26 02:49	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-08-13 20:10 . 2013-07-26 05:12	526336	----a-w-	c:\windows\system32\ieui.dll
2013-08-13 20:10 . 2013-07-26 05:12	356864	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-08-13 20:10 . 2013-07-26 03:13	218112	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-08-13 20:10 . 2013-07-26 03:12	236032	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-08-13 20:10 . 2013-07-26 03:11	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-08-13 20:10 . 2013-07-26 05:13	279040	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-08-13 20:10 . 2013-07-26 03:12	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-08-13 19:58 . 2013-07-25 09:25	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-13 19:58 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-08-13 19:58 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-13 19:58 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-13 19:58 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-13 19:58 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-13 19:58 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-13 19:58 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-13 19:58 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-13 19:58 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-13 19:58 . 2013-07-19 01:58	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-13 19:58 . 2013-07-19 01:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-08-13 19:57 . 2013-07-09 05:51	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-13 19:57 . 2013-07-09 04:52	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-08-13 19:56 . 2013-07-09 05:03	3913664	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-13 19:56 . 2013-07-09 06:03	5550528	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-13 19:56 . 2013-07-09 05:03	3968960	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-13 19:56 . 2013-07-09 05:54	1732032	----a-w-	c:\windows\system32\ntdll.dll
2013-08-13 19:56 . 2013-07-09 05:53	243712	----a-w-	c:\windows\system32\wow64.dll
2013-08-13 19:56 . 2013-07-09 04:53	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-08-13 19:56 . 2013-07-09 02:49	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-08-13 19:56 . 2013-07-09 04:52	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-08-13 19:56 . 2013-07-09 02:49	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-08-13 19:56 . 2013-07-09 02:49	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-08-13 19:56 . 2013-07-09 02:49	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-08-13 19:55 . 2013-06-15 04:32	39936	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2013-08-13 19:54 . 2013-07-06 06:03	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-13 20:00 . 2012-02-20 07:42	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-31 11:23 . 2013-07-31 11:23	139352	----a-w-	c:\windows\SysWow64\drivers\AnyDVD.sys
2013-07-31 11:23 . 2013-07-31 11:23	139352	----a-w-	c:\windows\system32\drivers\AnyDVD.sys
2013-07-30 10:12 . 2013-07-30 10:13	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-30 10:12 . 2013-07-30 10:13	312232	----a-w-	c:\windows\system32\javaws.exe
2013-07-30 10:12 . 2013-07-30 10:13	189352	----a-w-	c:\windows\system32\javaw.exe
2013-07-30 10:12 . 2013-07-30 10:13	188840	----a-w-	c:\windows\system32\java.exe
2013-07-30 10:12 . 2012-10-29 15:48	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-07-30 10:12 . 2012-03-30 18:07	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-30 10:08 . 2013-07-30 10:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-30 10:08 . 2012-07-07 18:57	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-07-30 10:08 . 2012-04-01 11:26	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-07-17 20:27 . 2012-06-12 16:01	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-17 20:18 . 2012-04-04 09:50	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-17 20:18 . 2012-03-27 15:34	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-13 19:56	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-02 13:27 . 2013-07-02 13:27	97176	----a-w-	c:\windows\SysWow64\ElbyCDIO.dll
2013-06-18 19:50 . 2013-06-18 19:50	247216	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2011-04-27 13:25	139616	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2012-07-05 1835008]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-08-12 7307352]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe" [2008-08-07 90112]
"vmware-tray.exe"="c:\vmware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
d:\users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2012-3-15 5513040]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2013-8-2 641024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-7-11 308640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S0 3wareDrv;3wareDrv;c:\windows\system32\DRIVERS\3wareDrv.sys;c:\windows\SYSNATIVE\DRIVERS\3wareDrv.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe;c:\program files\Serviio\bin\ServiioService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\vmware\VMware Workstation\vmware-hostd.exe;c:\vmware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
S3 Cinergy_HT_PCI_MKII;Cinergy HT PCI (MKII) service;c:\windows\system32\DRIVERS\Cinergy_HT_PCI_MKII.sys;c:\windows\SYSNATIVE\DRIVERS\Cinergy_HT_PCI_MKII.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.032"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.apd"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.arw"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bay"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bmp"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bw"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cs1"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcx"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dib"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.emf"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.eps"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fff"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fpx"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.gif"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icn"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ilbm"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.int"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.inta"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iw4"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2c"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2k"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jbr"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jfif"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jif"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jp2"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpc"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpe"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpeg"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpg"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpk"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpx"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.kdc"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.lbm"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mef"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.nrw"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbr"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pct"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pcx"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pgm"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pic"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pict"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pix"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.png"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ppm"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspbrush"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspimage"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgb"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgba"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rle"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rsb"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rw2"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rwl"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sgi"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sr2"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srw"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.tga"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.thm"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.tif"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.tiff"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbm"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbmp"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wmf"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xbm"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xif"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_USERS\S-1-5-21-3960444725-528725032-619687768-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (S-1-5-21-3960444725-528725032-619687768-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\vmnat.exe
c:\vmware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-04  00:03:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-03 22:03
.
Vor Suchlauf: 9.446.707.200 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 10.456.637.440 Bytes frei
.
- - End Of File - - 68649AACEF5A3ACEB0AA42E20C478864

--- --- ---

Grüße, Almidagu

P.S. Zusätzlich hat das Programm auch eine Slideshow in der Form exe-Datei entfernt, aber ich habe eine Kopie.

schrauber · 04.09.2013, 16:03

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Almidagu · 04.09.2013, 17:00

Hallo @schrauber,

wie ich in erstem Betrag geschrieben habe, die Programme Malwarebytes Anti-Malware und AdwCleaner keine Funde gaben. Wofür noch mal scannen?

Die frisches FRST-Logdatei erstelle und sende ich bald.

Grüße,
Almidagu

Wie besprochen:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by XXXXX (administrator) on PPPCCC on 04-09-2013 17:45:54
Running from D:\Users\XXXXX\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\VMware\VMware Workstation\vmware-authd.exe
() C:\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(VMware, Inc.) C:\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 

[497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1835008 2012-07-05] 

(Elgato Systems)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7352408 2013-09-03] (SlySoft, Inc.)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe 

Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-

03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] 

(Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager

\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 

2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-

10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EMET Notifier] - C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe 

[90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\VMware\VMware Workstation\vmware-tray.exe [104088 2012-08-15] (VMware, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] 

(Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] 

(Oracle Corporation)
Startup: D:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
Startup: D:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9D2220A6-251A-4C82-982A-12A67A9E9EEF} URL = hxxp://de.wikipedia.org/w/index.php?

title=Spezial:Suche&search={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL 

(Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle 

Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL 

(Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll 

(Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll 

(Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files

\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL 

(Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin

\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TERRATEC

\TERRAT~2\THCDES~1.DLL (TerraTec Electronic GmbH)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype 

Technologies)
Handler-x32: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows

\SysWow64\textwareilluminatorbaseProtocol.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE

\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro 

Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes 

Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes 

Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2013-08-08] ()
R2 VMAuthdService; C:\VMware\VMware Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.)
R2 VMwareHostd; C:\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] ()
S4 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R0 3wareDrv; C:\Windows\System32\DRIVERS\3wareDrv.sys [125224 2011-08-11] (LSI)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-12-28] (AVG Technologies)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 Cinergy_HT_PCI_MKII; C:\Windows\System32\DRIVERS\Cinergy_HT_PCI_MKII.sys [271656 2012-10-31] (TerraTec Electronic GmbH.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-08-15] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 17:46 - 2013-09-04 17:46 - 00000000 _____ D:\Temp\log1
2013-09-04 17:45 - 2013-09-04 17:45 - 00000071 _____ D:\Temp\users00
2013-09-04 17:45 - 2013-09-04 17:45 - 00000003 _____ D:\Temp\others
2013-09-04 17:45 - 2013-09-04 17:45 - 00000000 _____ D:\Temp\frstlog
2013-09-04 17:44 - 2013-09-04 17:44 - 01950416 _____ (Farbar) D:\Users\XXXXX\Desktop\FRST64.exe
2013-09-04 17:44 - 2013-09-04 17:44 - 00032768 _____ D:\Temp\~DFA9BBB930D32C49D1.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00032768 _____ D:\Temp\~DF119E1B3764DE5FBD.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00016384 _____ D:\Temp\~DF964B436E431B570F.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000512 ____T D:\Temp\~DF65926769F6377D5D.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000512 ____T D:\Temp\~DF6506446A4B9DA20B.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000512 ____T D:\Temp\~DF534F6D1B2C9FC5B7.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000000 ____T D:\Temp\~DFAA10699E78C4B958.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000000 ____T D:\Temp\~DF7B4471771CEAD1A6.TMP
2013-09-04 17:05 - 2013-09-04 17:08 - 00061440 ____T D:\Temp\~DFC77ECE7DC11644BF.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00032768 _____ D:\Temp\~DF48A76D8106E748FA.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00032768 _____ D:\Temp\~DF35701226501D8245.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00016384 _____ D:\Temp\~DF1EAD900FEB48230B.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000512 ____T D:\Temp\~DFBB69C022F5CAFCEA.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000512 ____T D:\Temp\~DF1E379E2EF9951E01.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000512 ____T D:\Temp\~DF11830BCA99A417AA.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000000 ____T D:\Temp\~DF9A0E631476299ED9.TMP
2013-09-04 16:33 - 2013-09-04 16:33 - 00000000 ____D D:\Temp\WPDNSE
2013-09-04 16:33 - 2013-09-04 16:33 - 00000000 ____D D:\Temp\e4jB0DC.tmp_dir1378305187
2013-09-04 16:33 - 2013-09-04 16:33 - 00000000 _____ D:\Temp\e4jB0DC.tmp
2013-09-04 16:31 - 2013-09-04 16:31 - 00000000 ____D D:\Temp\e4j79A4.tmp_dir1378305107
2013-09-04 16:31 - 2013-09-04 16:31 - 00000000 _____ D:\Temp\e4j79A4.tmp
2013-09-04 15:12 - 2013-09-04 15:12 - 00000273 _____ D:\Temp\i4j2930729883748438166.tmp
2013-09-04 12:36 - 2013-09-04 12:40 - 00029002 _____ D:\Temp\amt3.log
2013-09-04 12:36 - 2013-09-04 12:37 - 00002000 _____ D:\Temp\oobelib.log
2013-09-04 12:36 - 2013-09-04 12:36 - 00001193 _____ D:\Temp\swtag.log
2013-09-04 12:19 - 2013-09-04 12:19 - 00000000 _____ D:\Temp\CVRAD94.tmp.cvr
2013-09-04 11:42 - 2013-09-04 12:37 - 00024498 _____ D:\Temp\PDApp.log
2013-09-04 11:39 - 2013-09-04 16:41 - 00007610 _____ D:\Temp\MpCmdRun.log
2013-09-04 11:38 - 2013-09-04 11:38 - 00035224 _____ D:\Temp\i4jdel1.exe
2013-09-04 11:38 - 2013-09-04 11:38 - 00000000 ____D D:\Temp\e4jFC2.tmp_dir1378287509
2013-09-04 11:38 - 2013-09-04 11:38 - 00000000 _____ D:\Temp\e4jFC2.tmp
2013-09-04 11:37 - 2013-09-04 11:37 - 28148192 _____ D:\Users\XXXXX\Downloads\serviio-1.3.1-win-setup.exe
2013-09-04 11:35 - 2013-09-04 11:35 - 10227392 _____ D:\Users\XXXXX\Downloads\SetupAnyDVD7320.exe
2013-09-04 11:32 - 2013-09-04 16:38 - 00001456 _____ D:\Temp\jusched.log
2013-09-04 01:02 - 2013-09-04 01:02 - 00000277 _____ D:\Temp\i4j6529114285205863466.tmp
2013-09-04 00:52 - 2013-09-04 16:33 - 00005026 _____ D:\Temp\AdobeARM.log
2013-09-04 00:31 - 2013-09-04 12:55 - 00009569 _____ D:\Temp\StructuredQuery.log
2013-09-04 00:03 - 2013-09-04 00:03 - 00039585 _____ C:\ComboFix.txt
2013-09-03 23:57 - 2013-09-04 16:31 - 00000000 ____D D:\Temp\vmware-SYSTEM-1629057059
2013-09-03 23:57 - 2013-09-03 23:57 - 00000000 ____D D:\Temp\e4j882B.tmp_dir1378245443
2013-09-03 23:57 - 2013-09-03 23:57 - 00000000 _____ D:\Temp\e4j882B.tmp
2013-09-03 23:36 - 2013-09-04 00:04 - 00000000 ____D C:\Qoobox
2013-09-03 23:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-03 23:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-03 23:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-03 23:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-03 23:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-03 23:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-03 23:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-03 23:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-03 23:35 - 2013-09-04 00:01 - 00000000 ____D C:\Windows\erdnt
2013-09-03 22:58 - 2013-09-03 22:56 - 05119472 ____R (Swearware) D:\Users\XXXXX\Desktop\ComboFix.exe
2013-09-03 18:02 - 2013-09-03 18:02 - 00035615 _____ D:\Users\XXXXX\Desktop\meinFRST.txt
2013-09-03 13:07 - 2013-09-03 13:07 - 00149891 _____ D:\Users\XXXXX\Documents\Favorites_2013-09_03.rar
2013-09-03 10:48 - 2013-09-03 10:48 - 00001692 _____ D:\Users\XXXXX\Documents\Internet Explorer 10.txt
2013-09-03 08:42 - 2013-09-03 08:41 - 01037134 _____ D:\Users\XXXXX\Desktop\adwcleaner.exe
2013-09-03 08:13 - 2013-09-03 23:47 - 00000000 ____D D:\Temp\e4j5761.tmp_dir1378188815
2013-09-03 08:05 - 2013-09-03 08:05 - 00000000 ____D D:\Users\Wir\AppData\Local\AMD
2013-09-03 08:04 - 2013-09-03 08:09 - 00000000 ____D D:\Users\Wir\AppData\Local\Adobe
2013-09-03 08:04 - 2013-09-03 08:04 - 00173760 _____ D:\Users\Wir\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-03 08:04 - 2013-09-03 08:04 - 00000000 ____D D:\Users\Wir\AppData\Roaming\ATI
2013-09-03 08:04 - 2013-09-03 08:04 - 00000000 ____D D:\Users\Wir\AppData\Local\ATI
2013-09-03 08:03 - 2013-09-03 08:05 - 00000000 ____D D:\Users\Wir\AppData\Roaming\Adobe
2013-09-03 08:02 - 2013-09-03 08:02 - 00000020 ___SH D:\Users\Wir\ntuser.ini
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Vorlagen
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Startmenü
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Netzwerkumgebung
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Lokale Einstellungen
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Eigene Dateien
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Druckumgebung
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Documents\Eigene Musik
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Documents\Eigene Bilder
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\AppData\Local\Verlauf
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\AppData\Local\Anwendungsdaten
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Anwendungsdaten
2013-09-03 08:01 - 2013-09-03 23:47 - 00000000 ____D D:\Temp\e4j7CF0.tmp_dir1378188103
2013-09-03 08:01 - 2013-09-03 08:03 - 00000000 ____D D:\Users\Wir
2013-09-03 08:01 - 2013-03-14 07:57 - 00000000 ____D D:\Users\Wir\AppData\Local\Microsoft Help
2013-09-03 08:01 - 2012-03-30 09:57 - 00000000 ____D D:\Users\Wir\AppData\Roaming\Macromedia
2013-09-02 22:18 - 2013-09-02 22:18 - 00036241 _____ D:\Users\XXXXX\Desktop\FRST_2.txt
2013-09-02 22:16 - 2013-09-02 22:26 - 00080406 _____ D:\Users\XXXXX\Desktop\Addition.txt
2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D C:\FRST
2013-09-02 22:14 - 2013-09-02 22:13 - 01951954 _____ (Farbar) D:\Temp\FRST.tmp
2013-09-02 22:09 - 2013-09-02 22:09 - 00000478 _____ D:\Users\XXXXX\Desktop\defogger_disable.log
2013-09-02 21:48 - 2013-09-02 21:47 - 01898112 _____ (Bleeping Computer, LLC) D:\Users\XXXXX\Desktop\rkill.exe
2013-09-02 21:25 - 2013-09-02 21:25 - 00000000 ____D D:\Users\XXXXX\Desktop\mbam-chameleon-1.62.1.1000
2013-09-02 21:24 - 2013-09-02 16:55 - 01440846 _____ D:\Users\XXXXX\Documents\mbam-chameleon-1.62.1.1000.zip
2013-09-02 21:22 - 2013-09-02 21:22 - 00511801 _____ D:\Users\XXXXX\Downloads\usb.txt
2013-09-02 15:00 - 2013-09-02 14:59 - 10285040 _____ (Malwarebytes Corporation                                    ) D:\Users

\XXXXX\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-02 01:22 - 2013-09-02 01:22 - 00000087 _____ D:\Users\XXXXX\Documents\333.txt
2013-09-02 00:32 - 2013-09-02 21:50 - 00003538 _____ D:\Users\XXXXX\Desktop\Rkill.txt
2013-08-15 20:08 - 2013-08-15 20:08 - 00000000 ____D D:\Temp\lilo.6576
2013-08-15 17:50 - 2013-08-15 17:50 - 00000000 ____D D:\Temp\HDW20_TMP
2013-08-14 22:59 - 2013-08-15 18:24 - 00000000 ____D D:\Users\XXXXX\Documents\Route Frankreich
2013-08-14 22:58 - 2013-08-14 22:58 - 01183133 ____N D:\Users\XXXXX\Documents\Fahrtenplanung.zip
2013-08-13 22:10 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 22:10 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 22:10 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 22:10 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 22:10 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 22:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 22:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 22:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-13 22:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 22:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-13 22:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 22:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 22:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 22:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 22:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 22:09 - 2013-07-26 05:09 - 14356480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 22:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-13 22:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 22:03 - 2013-08-13 22:03 - 00000000 ____D D:\Temp\KB2840628v2_10.0.30319
2013-08-13 21:58 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 21:58 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 21:58 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 21:58 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 21:58 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 21:58 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 21:58 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 21:58 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 21:58 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 21:58 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 21:58 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 21:58 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 21:57 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 21:57 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 21:56 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 21:56 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 21:56 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 21:56 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 21:56 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 21:56 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 21:56 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 21:56 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 21:56 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 21:56 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 21:56 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 21:55 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 21:54 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-12 10:40 - 2013-09-04 11:35 - 00000999 _____ D:\Users\Public\Desktop\AnyDVD.lnk
2013-08-11 15:38 - 2013-08-11 15:38 - 00010305 _____ D:\Users\XXXXX\Documents\Völker расчет.xlsx

==================== One Month Modified Files and Folders =======

2013-09-04 17:46 - 2013-09-04 17:46 - 00000000 _____ D:\Temp\log1
2013-09-04 17:45 - 2013-09-04 17:45 - 00000071 _____ D:\Temp\users00
2013-09-04 17:45 - 2013-09-04 17:45 - 00000003 _____ D:\Temp\others
2013-09-04 17:45 - 2013-09-04 17:45 - 00000000 _____ D:\Temp\frstlog
2013-09-04 17:44 - 2013-09-04 17:44 - 01950416 _____ (Farbar) D:\Users\XXXXX\Desktop\FRST64.exe
2013-09-04 17:44 - 2013-09-04 17:44 - 00032768 _____ D:\Temp\~DFA9BBB930D32C49D1.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00032768 _____ D:\Temp\~DF119E1B3764DE5FBD.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00016384 _____ D:\Temp\~DF964B436E431B570F.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000512 ____T D:\Temp\~DF65926769F6377D5D.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000512 ____T D:\Temp\~DF6506446A4B9DA20B.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000512 ____T D:\Temp\~DF534F6D1B2C9FC5B7.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000000 ____T D:\Temp\~DFAA10699E78C4B958.TMP
2013-09-04 17:44 - 2013-09-04 17:44 - 00000000 ____T D:\Temp\~DF7B4471771CEAD1A6.TMP
2013-09-04 17:32 - 2012-08-11 23:56 - 00000269 _____ C:\.dir
2013-09-04 17:08 - 2013-09-04 17:05 - 00061440 ____T D:\Temp\~DFC77ECE7DC11644BF.TMP
2013-09-04 16:53 - 2013-02-10 21:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 16:41 - 2013-09-04 11:39 - 00007610 _____ D:\Temp\MpCmdRun.log
2013-09-04 16:40 - 2009-07-14 06:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-

A289-439d-8115-601632D005A0
2013-09-04 16:40 - 2009-07-14 06:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-

A289-439d-8115-601632D005A0
2013-09-04 16:38 - 2013-09-04 11:32 - 00001456 _____ D:\Temp\jusched.log
2013-09-04 16:36 - 2013-09-04 16:36 - 00032768 _____ D:\Temp\~DF48A76D8106E748FA.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00032768 _____ D:\Temp\~DF35701226501D8245.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00016384 _____ D:\Temp\~DF1EAD900FEB48230B.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000512 ____T D:\Temp\~DFBB69C022F5CAFCEA.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000512 ____T D:\Temp\~DF1E379E2EF9951E01.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000512 ____T D:\Temp\~DF11830BCA99A417AA.TMP
2013-09-04 16:36 - 2013-09-04 16:36 - 00000000 ____T D:\Temp\~DF9A0E631476299ED9.TMP
2013-09-04 16:36 - 2012-02-19 19:58 - 01847827 _____ C:\Windows\WindowsUpdate.log
2013-09-04 16:34 - 2012-04-06 21:37 - 00000000 ____D D:\Temp\Acrobat Distiller 10
2013-09-04 16:33 - 2013-09-04 16:33 - 00000000 ____D D:\Temp\WPDNSE
2013-09-04 16:33 - 2013-09-04 16:33 - 00000000 ____D D:\Temp\e4jB0DC.tmp_dir1378305187
2013-09-04 16:33 - 2013-09-04 16:33 - 00000000 _____ D:\Temp\e4jB0DC.tmp
2013-09-04 16:33 - 2013-09-04 00:52 - 00005026 _____ D:\Temp\AdobeARM.log
2013-09-04 16:33 - 2012-03-30 20:07 - 00000000 ____D D:\Temp\hsperfdata_XXXXX
2013-09-04 16:31 - 2013-09-04 16:31 - 00000000 ____D D:\Temp\e4j79A4.tmp_dir1378305107
2013-09-04 16:31 - 2013-09-04 16:31 - 00000000 _____ D:\Temp\e4j79A4.tmp
2013-09-04 16:31 - 2013-09-03 23:57 - 00000000 ____D D:\Temp\vmware-SYSTEM-1629057059
2013-09-04 16:31 - 2012-12-25 16:57 - 00025566 _____ C:\Windows\setupact.log
2013-09-04 16:31 - 2012-04-01 11:49 - 00000000 ____D D:\Temp\hsperfdata_PPPCCC$
2013-09-04 16:31 - 2012-02-20 09:05 - 00026804 _____ C:\Windows\PFRO.log
2013-09-04 16:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 15:12 - 2013-09-04 15:12 - 00000273 _____ D:\Temp\i4j2930729883748438166.tmp
2013-09-04 14:53 - 2012-03-28 11:34 - 00000000 ____D D:\Users\XXXXX\Documents\Outlook-Dateien
2013-09-04 12:55 - 2013-09-04 00:31 - 00009569 _____ D:\Temp\StructuredQuery.log
2013-09-04 12:40 - 2013-09-04 12:36 - 00029002 _____ D:\Temp\amt3.log
2013-09-04 12:37 - 2013-09-04 12:36 - 00002000 _____ D:\Temp\oobelib.log
2013-09-04 12:37 - 2013-09-04 11:42 - 00024498 _____ D:\Temp\PDApp.log
2013-09-04 12:36 - 2013-09-04 12:36 - 00001193 _____ D:\Temp\swtag.log
2013-09-04 12:19 - 2013-09-04 12:19 - 00000000 _____ D:\Temp\CVRAD94.tmp.cvr
2013-09-04 11:38 - 2013-09-04 11:38 - 00035224 _____ D:\Temp\i4jdel1.exe
2013-09-04 11:38 - 2013-09-04 11:38 - 00000000 ____D D:\Temp\e4jFC2.tmp_dir1378287509
2013-09-04 11:38 - 2013-09-04 11:38 - 00000000 _____ D:\Temp\e4jFC2.tmp
2013-09-04 11:37 - 2013-09-04 11:37 - 28148192 _____ D:\Users\XXXXX\Downloads\serviio-1.3.1-win-setup.exe
2013-09-04 11:35 - 2013-09-04 11:35 - 10227392 _____ D:\Users\XXXXX\Downloads\SetupAnyDVD7320.exe
2013-09-04 11:35 - 2013-08-12 10:40 - 00000999 _____ D:\Users\Public\Desktop\AnyDVD.lnk
2013-09-04 01:02 - 2013-09-04 01:02 - 00000277 _____ D:\Temp\i4j6529114285205863466.tmp
2013-09-04 00:54 - 2013-03-07 10:02 - 00000000 ____D D:\Temp\acrord32_sbx
2013-09-04 00:04 - 2013-09-03 23:36 - 00000000 ____D C:\Qoobox
2013-09-04 00:03 - 2013-09-04 00:03 - 00039585 _____ C:\ComboFix.txt
2013-09-04 00:01 - 2013-09-03 23:35 - 00000000 ____D C:\Windows\erdnt
2013-09-03 23:57 - 2013-09-03 23:57 - 00000000 ____D D:\Temp\e4j882B.tmp_dir1378245443
2013-09-03 23:57 - 2013-09-03 23:57 - 00000000 _____ D:\Temp\e4j882B.tmp
2013-09-03 23:57 - 2009-07-14 04:34 - 00000248 _____ C:\Windows\system.ini
2013-09-03 23:53 - 2013-01-18 15:32 - 00000000 ____D D:\Users\XXXXX\AppData\Roaming\VMware
2013-09-03 23:47 - 2013-09-03 08:13 - 00000000 ____D D:\Temp\e4j5761.tmp_dir1378188815
2013-09-03 23:47 - 2013-09-03 08:01 - 00000000 ____D D:\Temp\e4j7CF0.tmp_dir1378188103
2013-09-03 23:47 - 2013-07-17 11:17 - 00000000 ____D D:\Temp\Ultra$ISO
2013-09-03 23:47 - 2013-03-20 12:38 - 00000000 ____D D:\Temp\PPT8.0
2013-09-03 23:47 - 2013-01-18 15:32 - 00000000 ____D D:\Temp\vmware-XXXXX
2013-09-03 23:47 - 2013-01-18 14:58 - 00000000 ____D D:\Temp\vmware-SYSTEM
2013-09-03 23:47 - 2012-09-20 07:36 - 00000000 ____D D:\Temp\FineReader11
2013-09-03 23:47 - 2012-05-28 11:20 - 00000000 ____D D:\Temp\Word8.0
2013-09-03 23:47 - 2012-05-24 21:31 - 00000000 ____D D:\Temp\DVDVideoSoft
2013-09-03 23:47 - 2012-04-10 16:48 - 00000000 ____D D:\Temp\Excel8.0
2013-09-03 23:47 - 2012-03-28 11:34 - 00000000 ____D D:\Temp\VBE
2013-09-03 23:47 - 2012-03-28 11:33 - 00000000 ____D D:\Temp\Outlook-Protokoll
2013-09-03 23:47 - 2012-03-28 11:26 - 00000000 ____D D:\Temp\outlook logging
2013-09-03 23:11 - 2013-07-22 08:23 - 00000000 ____D D:\Temp\MPTelemetrySubmit
2013-09-03 23:08 - 2009-07-14 19:58 - 00656872 _____ C:\Windows\system32\perfh007.dat
2013-09-03 23:08 - 2009-07-14 19:58 - 00131270 _____ C:\Windows\system32\perfc007.dat
2013-09-03 23:08 - 2009-07-14 07:13 - 01507084 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 22:56 - 2013-09-03 22:58 - 05119472 ____R (Swearware) D:\Users\XXXXX\Desktop\ComboFix.exe
2013-09-03 22:52 - 2012-03-29 00:01 - 00000000 ____D D:\Users\XXXXX\AppData\Roaming\Skype
2013-09-03 18:02 - 2013-09-03 18:02 - 00035615 _____ D:\Users\XXXXX\Desktop\meinFRST.txt
2013-09-03 13:56 - 2012-12-13 23:02 - 00000000 ____D D:\Temp\msohtmlclip1
2013-09-03 13:08 - 2012-03-27 18:04 - 00000000 ____D D:\Users\XXXXX
2013-09-03 13:07 - 2013-09-03 13:07 - 00149891 _____ D:\Users\XXXXX\Documents\Favorites_2013-09_03.rar
2013-09-03 10:48 - 2013-09-03 10:48 - 00001692 _____ D:\Users\XXXXX\Documents\Internet Explorer 10.txt
2013-09-03 08:41 - 2013-09-03 08:42 - 01037134 _____ D:\Users\XXXXX\Desktop\adwcleaner.exe
2013-09-03 08:35 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-03 08:19 - 2012-06-20 15:42 - 00000000 ____D D:\Temp\msdt
2013-09-03 08:09 - 2013-09-03 08:04 - 00000000 ____D D:\Users\Wir\AppData\Local\Adobe
2013-09-03 08:05 - 2013-09-03 08:05 - 00000000 ____D D:\Users\Wir\AppData\Local\AMD
2013-09-03 08:05 - 2013-09-03 08:03 - 00000000 ____D D:\Users\Wir\AppData\Roaming\Adobe
2013-09-03 08:04 - 2013-09-03 08:04 - 00173760 _____ D:\Users\Wir\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-03 08:04 - 2013-09-03 08:04 - 00000000 ____D D:\Users\Wir\AppData\Roaming\ATI
2013-09-03 08:04 - 2013-09-03 08:04 - 00000000 ____D D:\Users\Wir\AppData\Local\ATI
2013-09-03 08:03 - 2013-09-03 08:01 - 00000000 ____D D:\Users\Wir
2013-09-03 08:02 - 2013-09-03 08:02 - 00000020 ___SH D:\Users\Wir\ntuser.ini
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Vorlagen
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Startmenü
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Netzwerkumgebung
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Lokale Einstellungen
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Eigene Dateien
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Druckumgebung
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Documents\Eigene Musik
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Documents\Eigene Bilder
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\AppData\Local\Verlauf
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\AppData\Local\Anwendungsdaten
2013-09-03 08:02 - 2013-09-03 08:02 - 00000000 _SHDL D:\Users\Wir\Anwendungsdaten
2013-09-03 07:56 - 2013-01-24 00:46 - 00000000 ____D C:\Windows\pss
2013-09-02 22:26 - 2013-09-02 22:16 - 00080406 _____ D:\Users\XXXXX\Desktop\Addition.txt
2013-09-02 22:18 - 2013-09-02 22:18 - 00036241 _____ D:\Users\XXXXX\Desktop\FRST_2.txt
2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D C:\FRST
2013-09-02 22:13 - 2013-09-02 22:14 - 01951954 _____ (Farbar) D:\Temp\FRST.tmp
2013-09-02 22:09 - 2013-09-02 22:09 - 00000478 _____ D:\Users\XXXXX\Desktop\defogger_disable.log
2013-09-02 21:50 - 2013-09-02 00:32 - 00003538 _____ D:\Users\XXXXX\Desktop\Rkill.txt
2013-09-02 21:47 - 2013-09-02 21:48 - 01898112 _____ (Bleeping Computer, LLC) D:\Users\XXXXX\Desktop\rkill.exe
2013-09-02 21:25 - 2013-09-02 21:25 - 00000000 ____D D:\Users\XXXXX\Desktop\mbam-chameleon-1.62.1.1000
2013-09-02 21:22 - 2013-09-02 21:22 - 00511801 _____ D:\Users\XXXXX\Downloads\usb.txt
2013-09-02 16:55 - 2013-09-02 21:24 - 01440846 _____ D:\Users\XXXXX\Documents\mbam-chameleon-1.62.1.1000.zip
2013-09-02 15:03 - 2013-01-17 16:46 - 00000987 _____ D:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 15:03 - 2013-01-17 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 14:59 - 2013-09-02 15:00 - 10285040 _____ (Malwarebytes Corporation                                    ) D:\Users

\XXXXX\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-02 01:22 - 2013-09-02 01:22 - 00000087 _____ D:\Users\XXXXX\Documents\333.txt
2013-09-02 00:23 - 2013-07-07 21:22 - 00000000 ____D D:\Users\XXXXX\Downloads\OTL
2013-08-15 20:08 - 2013-08-15 20:08 - 00000000 ____D D:\Temp\lilo.6576
2013-08-15 18:24 - 2013-08-14 22:59 - 00000000 ____D D:\Users\XXXXX\Documents\Route Frankreich
2013-08-15 18:10 - 2012-07-11 07:59 - 00000000 ____D C:\HDW20_TMP
2013-08-15 17:50 - 2013-08-15 17:50 - 00000000 ____D D:\Temp\HDW20_TMP
2013-08-14 22:58 - 2013-08-14 22:58 - 01183133 ____N D:\Users\XXXXX\Documents\Fahrtenplanung.zip
2013-08-14 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-13 22:03 - 2013-08-13 22:03 - 00000000 ____D D:\Temp\KB2840628v2_10.0.30319
2013-08-13 22:03 - 2013-07-11 09:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 22:00 - 2012-02-20 09:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-12 11:09 - 2012-07-19 16:45 - 00000000 ____D D:\Users\XXXXX\AppData\Roaming\vlc
2013-08-11 15:38 - 2013-08-11 15:38 - 00010305 _____ D:\Users\XXXXX\Documents\YYYYY.xlsx
2013-08-05 23:32 - 2013-07-26 18:15 - 00000000 ____D D:\Temp\MPInstrumentation

Files to move or delete:
====================
D:\Temp\i4jdel1.exe
D:\Temp\e4jFC2.tmp_dir1378287509\i4jdel.exe
D:\Temp\e4jB0DC.tmp_dir1378305187\i4jdel.exe
D:\Temp\e4j882B.tmp_dir1378245443\i4jdel.exe
D:\Temp\e4j79A4.tmp_dir1378305107\i4jdel.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 10:42

==================== End Of Log ============================

--- --- ---

--- --- ---

Viele Grüße
Almidagu

schrauber · 04.09.2013, 20:10

Zitat:

Wofür noch mal scannen?

weil es tägliche Updates gibt (MBAM mehrfach) und mir das die manuelle Scripterei vereinfacht

Also minimum bitte nen Quickscan mit MABM nach Update.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Almidagu · 05.09.2013, 08:02

Hallo @schrauber,

hier ist die Log-Datei von Malwarebytes Anti-Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
XXXXX :: PPPCCC [Administrator]

Schutz: Deaktiviert

04.09.2013 22:50:12
MBAM-log-2013-09-05 (01-19-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 536689
Laufzeit: 1 Stunde(n), 42 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Die frisches FRST-Logdatei ist in der vorherigen Nachrichten.

Nochmal vielen Dank!

Grüße,
Almidagu

schrauber · 05.09.2013, 10:39

und meine neuen Anweisungen?

05.09.2013, 10:39	#10
schrauber /// the machine /// TB-Ausbilder	IE 10 speichert Seiten anstatt zu öffnen und meine neuen Anweisungen? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

IE 10 speichert Seiten anstatt zu öffnen

Plagegeister aller Art und deren Bekämpfung: IE 10 speichert Seiten anstatt zu öffnen