Holzpferd | 25.08.2013 16:30 | Hallo Schrauber,
vorab eine Frage: Ich bin mir immer unsicher, ob ich deine Anweisungen in einem Standardnutzer-Konto durchführen darf oder nicht (habe ich bisher immer so gehalten), ob ich Administratorrechte nur wenn von dir oder vom Tool angefordert nutzen soll und falls ja, ob dann SuRun-Administratorrechte (also User-Kontext) genügen. Vielleicht kannst du dazu mal was Grundsätzliches sagen.
Die neuen Logdateien und Anmerkungen dazu:
1. Malwarebytes Antimalware - - Malwarebytes 1.70 war drauf, habe ich deinstalliert;
- - Malwarebytes 1.75 neu installiert und aktualisiert bei ausgeschalteten Sicherheitsprogrammen und Firewall;
- - Entgegen der Anweisung in http://www.trojaner-board.de/51187-a...i-malware.html (zu spät nachgelesen) Vollständigen Suchlauf durchgeführt mit allen Laufwerken außer den optischen (X:\ und Y.\);
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.24.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Admin :: I3-PC [Administrator]
25.08.2013 01:18:09
mbam-log-2013-08-25 (01-18-09).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|O:\|P:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 686433
Laufzeit: 54 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\siegmar\Downloads\MediaInfo_GUI_0.7.43_Windows_x64.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\siegmar\Downloads\nirsoft_package_1.17.03.zip (HackTool.Asterisk) -> Erfolgreich gelöscht und in Quarantäne gestellt.
O:\- ANWENDUNGEN groß\controlBIT Profile verschieben\win7-9924-2002-premium-dvd\Download #9924 Premium (c) 2011 controlBIT DVD Version 2.0.02\Software\GOMPLAYERENSETUP_Version_2.1.28.5039.exe (PUP.Optional.AskToolbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
2. AdwCleaner
In der Anweisung war nur die Datei [Sx].txt gefordert, weshalb ich hier nur meine S0.txt beifüge und die R0.txt weglasse. Code:
# AdwCleaner v3.001 - Report created 25/08/2013 at 03:56:20
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : siegmar - I3-PC
# Running from : C:\Users\siegmar\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\Spesoft
Folder Deleted : C:\Users\siegmar\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\siegmar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\siegmar\AppData\LocalLow\Spesoft
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\Conduit
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\ConduitEngine
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\OpenCandy
[#] Folder Deleted : C:\Users\Anfangsnutzer\AppData\Local\PackageAware
Folder Deleted : C:\Users\silvia\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\silvia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\silvia\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\silvia\AppData\LocalLow\Spesoft
Folder Deleted : C:\Users\Administrator.i3-PC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator.i3-PC\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Conduit
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Smartbar
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\CT2481020
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\CT2117678
Folder Deleted : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e7qs9ka3.default\Extensions\{AA994882-F391-4D2E-806F-8908DA4814ED}
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
Folder Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\Extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\searchplugins\Conduit.xml
File Deleted : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e7qs9ka3.default\user.js
File Deleted : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\user.js
File Deleted : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\7vthv3bg.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xqdcXSP_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader44761_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader44761_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unlocker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unlocker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56E054E7-C80D-4DBF-82BC-3476A96A00E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{56E054E7-C80D-4DBF-82BC-3476A96A00E7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D152AA56-FB6E-4383-9375-A8F4179D7CB4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FE62600-CFBC-4C2B-9112-AFFF5BA38987}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Spesoft
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\Software\Spesoft
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spesoft Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e7qs9ka3.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");
[ File : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\e975fjdq.test\prefs.js ]
[ File : C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Profiles\fxi46d8d.srwww\prefs.js ]
Line Deleted : user_pref("extensions.nosquint.sites", "wer-weiss-was.de=0,1372327292105,54,140,0,0,false,0,0,false wikimedia.org=0,1371024400099,42,110,0,0,false,0,0,false winload.de=0,1363564748519,26,110,0,0,false[...]
[ File : C:\Users\Anfangsnutzer\AppData\Roaming\Mozilla\Firefox\Profiles\cj2trsc3.default\prefs.js ]
Line Deleted : user_pref("CT2117678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2117678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2117678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2117678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2117678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2117678.BrowserCompStateIsOpen_129808998463171277", true);
Line Deleted : user_pref("CT2117678.CTID", "CT2117678");
Line Deleted : user_pref("CT2117678.CurrentServerDate", "22-8-2013");
Line Deleted : user_pref("CT2117678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2117678.DialogsGetterLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2117678.EMailNotifierPollDate", "Wed Jan 19 2011 18:09:28 GMT+0100");
Line Deleted : user_pref("CT2117678.FirstServerDate", "6-11-2010");
Line Deleted : user_pref("CT2117678.FirstTime", true);
Line Deleted : user_pref("CT2117678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2117678.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2117678.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2117678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2117678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2117678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2117678.Initialize", true);
Line Deleted : user_pref("CT2117678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2117678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2117678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2117678.InstalledDate", "Sat Nov 06 2010 10:21:29 GMT+0100");
Line Deleted : user_pref("CT2117678.InvalidateCache", false);
Line Deleted : user_pref("CT2117678.IsGrouping", false);
Line Deleted : user_pref("CT2117678.IsMulticommunity", false);
Line Deleted : user_pref("CT2117678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2117678.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2117678.LanguagePackLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2117678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2117678.LastLogin_2.7.2.0", "Wed Jan 19 2011 16:08:23 GMT+0100");
Line Deleted : user_pref("CT2117678.LastLogin_3.12.2.3", "Sat Jul 28 2012 14:35:46 GMT+0200");
Line Deleted : user_pref("CT2117678.LastLogin_3.19.0.3", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT2117678.Locale", "en-us");
Line Deleted : user_pref("CT2117678.LoginCache", 4);
Line Deleted : user_pref("CT2117678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2117678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2117678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2117678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2117678.RadioIsPodcast", false);
Line Deleted : user_pref("CT2117678.RadioLastCheckTime", "Wed Jan 19 2011 16:08:23 GMT+0100");
Line Deleted : user_pref("CT2117678.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2117678.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT2117678.RadioMediaID", "9583498");
Line Deleted : user_pref("CT2117678.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2117678.RadioMenuSelectedID", "EBRadioMenu_CT21176789583498");
Line Deleted : user_pref("CT2117678.RadioStationName", "ABC%20Newsradio%20");
Line Deleted : user_pref("CT2117678.RadioStationURL", "hxxp://www.abc.net.au/streaming/newsradio.asx");
Line Deleted : user_pref("CT2117678.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2117678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2117678&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2117678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2117678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&q=");
Line Deleted : user_pref("CT2117678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2117678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2117678.SearchInNewTabLastCheckTime", "Thu Aug 22 2013 16:08:10 GMT+0200");
Line Deleted : user_pref("CT2117678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2117678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2117678.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2117678.ServiceMapLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2117678.SettingsLastCheckTime", "Thu Aug 22 2013 16:08:10 GMT+0200");
Line Deleted : user_pref("CT2117678.SettingsLastUpdate", "1377175698");
Line Deleted : user_pref("CT2117678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2117678.ThirdPartyComponentsLastCheck", "Thu Jan 13 2011 15:43:33 GMT+0100");
Line Deleted : user_pref("CT2117678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2117678.ToolbarDisabled", false);
Line Deleted : user_pref("CT2117678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2117678");
Line Deleted : user_pref("CT2117678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2117678.UserID", "UN83692611778116520");
Line Deleted : user_pref("CT2117678.ValidationData_Search", 1);
Line Deleted : user_pref("CT2117678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2117678.WeatherNetwork", "");
Line Deleted : user_pref("CT2117678.WeatherPollDate", "Wed Jan 19 2011 17:45:29 GMT+0100");
Line Deleted : user_pref("CT2117678.WeatherUnit", "C");
Line Deleted : user_pref("CT2117678.alertChannelId", "522511");
Line Deleted : user_pref("CT2117678.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2117678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2117678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2117678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2117678.initDone", true);
Line Deleted : user_pref("CT2117678.myStuffEnabled", true);
Line Deleted : user_pref("CT2117678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2117678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2117678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2117678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2117678.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2117678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2117678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2117678.testingCtid", "");
Line Deleted : user_pref("CT2117678.toolbarAppMetaDataLastCheckTime", "Thu Aug 22 2013 16:08:11 GMT+0200");
Line Deleted : user_pref("CT2117678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2319825.CTID", "CT2319825");
Line Deleted : user_pref("CT2319825.CurrentServerDate", "24-3-2011");
Line Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Thu Mar 24 2011 16:40:58 GMT+0100");
Line Deleted : user_pref("CT2319825.FeedPollDate11908299", "Thu Mar 24 2011 16:15:57 GMT+0100");
Line Deleted : user_pref("CT2319825.FirstServerDate", "1-3-2011");
Line Deleted : user_pref("CT2319825.FirstTime", true);
Line Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Line Deleted : user_pref("CT2319825.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2319825.Initialize", true);
Line Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2319825.InstalledDate", "Tue Mar 01 2011 17:37:07 GMT+0100");
Line Deleted : user_pref("CT2319825.InvalidateCache", false);
Line Deleted : user_pref("CT2319825.IsGrouping", false);
Line Deleted : user_pref("CT2319825.IsMulticommunity", false);
Line Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Mar 24 2011 16:15:58 GMT+0100");
Line Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2319825.LastLogin_2.7.2.0", "Thu Mar 24 2011 16:15:57 GMT+0100");
Line Deleted : user_pref("CT2319825.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2319825.Locale", "de");
Line Deleted : user_pref("CT2319825.LoginCache", 4);
Line Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Line Deleted : user_pref("CT2319825.RadioLastCheckTime", "Thu Mar 24 2011 15:32:20 GMT+0100");
Line Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Line Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Line Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Line Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Line Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
Line Deleted : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
Line Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Mar 24 2011 15:32:20 GMT+0100");
Line Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Thu Mar 24 2011 15:32:19 GMT+0100");
Line Deleted : user_pref("CT2319825.SettingsLastUpdate", "1297858000");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Thu Mar 24 2011 15:32:19 GMT+0100");
Line Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Line Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2319825.UserID", "UN36041393932531207");
Line Deleted : user_pref("CT2319825.ValidationData_Toolbar", 0);
Line Deleted : user_pref("CT2319825.WeatherNetwork", "");
Line Deleted : user_pref("CT2319825.WeatherPollDate", "Thu Mar 24 2011 16:15:58 GMT+0100");
Line Deleted : user_pref("CT2319825.WeatherUnit", "C");
Line Deleted : user_pref("CT2319825.alertChannelId", "715912");
Line Deleted : user_pref("CT2319825.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2319825.myStuffEnabled", true);
Line Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2481020.1000082.currentList", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net/california.asx\",\"description\":\"California Rock\",\"text\":\"Californi...\",\"type\":\"STREAM\"},{[...]
Line Deleted : user_pref("CT2481020.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT2481020.1000082.localStations", "[{\"stationId\":\"8546\",\"url\":\"hxxp://stream.radio8.de:8000/live.m3u\",\"description\":\"Radio 8\",\"text\":\"Radio 8\",\"type\":\"STREAM\"},{\"statio[...]
Line Deleted : user_pref("CT2481020.1000082.nowPlaying", "{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net/california.asx\",\"description\":\"California Rock\",\"text\":\"Californi...\",\"type\":\"STREAM\"}");
Line Deleted : user_pref("CT2481020.1000082.publisherStations", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net/california.asx\",\"description\":\"California Rock\",\"text\":\"Californi...\",\"type\":\"STREA[...]
Line Deleted : user_pref("CT2481020.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT2481020.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.FirstTime", "true");
Line Deleted : user_pref("CT2481020.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2481020.UserID", "UN87609821186406137");
Line Deleted : user_pref("CT2481020.autoDisableScopes", -1);
Line Deleted : user_pref("CT2481020.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2481020.defaultSearch", "true");
Line Deleted : user_pref("CT2481020.embeddedsData", "[{\"appId\":\"129058856464656507\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2481020.enableAlerts", "always");
Line Deleted : user_pref("CT2481020.enableFix404", "true");
Line Deleted : user_pref("CT2481020.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2481020.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.installId", "ConduitNSISIntegration");
Line Deleted : user_pref("CT2481020.installType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2481020.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2481020.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2481020.keyword", true);
Line Deleted : user_pref("CT2481020.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://AshampooDE.OurToolbar.co[...]
Line Deleted : user_pref("CT2481020.openThankYouPage", "false");
Line Deleted : user_pref("CT2481020.openUninstallPage", "false");
Line Deleted : user_pref("CT2481020.search.searchAppId", "129058856464656507");
Line Deleted : user_pref("CT2481020.search.searchCount", "0");
Line Deleted : user_pref("CT2481020.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2481020\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://AshampooDE.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Ashampoo DE\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2481020.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1337346386169");
Line Deleted : user_pref("CT2481020.serviceLayer_services_appTracking_lastUpdate", "1337346266927");
Line Deleted : user_pref("CT2481020.serviceLayer_services_appsMetadata_lastUpdate", "1337346266195");
Line Deleted : user_pref("CT2481020.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1337346385994");
Line Deleted : user_pref("CT2481020.serviceLayer_services_login_10.7.6.2_lastUpdate", "1337346266396");
Line Deleted : user_pref("CT2481020.serviceLayer_services_optimizer_lastUpdate", "1333847086699");
Line Deleted : user_pref("CT2481020.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1337346386018");
Line Deleted : user_pref("CT2481020.serviceLayer_services_searchAPI_lastUpdate", "1337346266566");
Line Deleted : user_pref("CT2481020.serviceLayer_services_serviceMap_lastUpdate", "1337346265884");
Line Deleted : user_pref("CT2481020.serviceLayer_services_toolbarContextMenu_lastUpdate", "1337346385956");
Line Deleted : user_pref("CT2481020.serviceLayer_services_toolbarSettings_lastUpdate", "1337346266237");
Line Deleted : user_pref("CT2481020.serviceLayer_services_translation_lastUpdate", "1337346266011");
Line Deleted : user_pref("CT2481020.settingsINI", true);
Line Deleted : user_pref("CT2481020.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2481020.smartbar.CTID", "CT2481020");
Line Deleted : user_pref("CT2481020.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2481020.smartbar.homepage", true);
Line Deleted : user_pref("CT2481020.smartbar.isHidden", true);
Line Deleted : user_pref("CT2481020.smartbar.toolbarName", "Ashampoo DE ");
Line Deleted : user_pref("CT2481020.toolbarBornServerTime", "8-4-2012");
Line Deleted : user_pref("CT2481020.toolbarCurrentServerTime", "18-5-2012");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2117678/CT2117678", "\"45da049bec9229783652907a678f2ebd3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2117678", "\"1336426452\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"04afd94b864cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2117678", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"8dadc1e739a8770c78e10babe6554bb8\"");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2117678,CT2319825");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2117678,CT2319825");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 24 2011 15:32:19 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{d98cf821-7059-4dea-adf1-9e292beb3abd}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Mar 24 2011 15:32:20 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "896ea3e3-be96-4182-9315-172b95dbd8be");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB3&ctid=CT2481020&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo DE Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB3&ctid=CT2481020&SearchSource=2&q=");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB3&ctid=CT2481020&SearchSource=2&q=");
Line Deleted : user_pref("tfp.CT2481020", true);
[ File : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\7vthv3bg.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");
[ File : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\hup3cfe7.Standard-Benutzer\prefs.js ]
*************************
AdwCleaner[R0].txt - [32336 octets] - [25/08/2013 03:49:21]
AdwCleaner[S0].txt - [32725 octets] - [25/08/2013 03:56:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32786 octets] ##########
3. Junkware Removal Tool
Hier war etwas Seltsames passiert, was ich bisher noch nie hatte: Nach Ausführung JRT mit den Rechten eines Administratorkontos (diesmal hatte ich ausnahmsweise nicht SuRun genommen) hatte ich plötzlich den etwas abgewandelten Desktop dieses Administrators und sein Profilbild unter START in meinem User-Konto. Das User-Konto war aber nach Neustart wieder normal. Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Professional x64
Ran by Admin on 25.08.2013 at 4:15:23,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1124670
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2117678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskman_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskman_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskbarHelper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskman_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskman_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Anfangsnutzer\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Anfangsnutzer\appdata\locallow\conduitengine"
~~~ FireFox
Successfully deleted the following from C:\Users\Anfangsnutzer\AppData\Roaming\mozilla\firefox\profiles\cj2trsc3.default\prefs.js
user_pref("extensions.optimizegoogle.cookies.SafeSearch", "empty");
user_pref("extensions.optimizegoogle.cookies.enableSafeSearch", false);
Emptied folder: C:\Users\Anfangsnutzer\AppData\Roaming\mozilla\firefox\profiles\cj2trsc3.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2013 at 4:19:15,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. Frisches FRST log
Hier fällt mir auf, dass unter „Internet (Whitelisted)“ in der 1. Zeile steht: „ProxyServer: localhost:12080“. Ich weiß nicht, wie das zustandekommt und was das zu bedeuten hat. Ich habe nämlich in den Firefox-Einstellungen „Kein Proxy“ stehen und in den „Einstellungen für lokales Netzwerk“ keines der Kästchen (Userkonto) bzw. „Einstellungen automatisch erkennen“ (Administratorkonto) angehakt. „ProxyServer: localhost:12080“ hatte ich früher mal eingestellt, das ist aber jetzt ausgegraut.
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013
Ran by siegmar (administrator) on 25-08-2013 16:03:22
Running from C:\Users\siegmar\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun32.bin
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] - C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM\...\Run: [USB Safely Remove] - C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [2423168 2012-05-29] (Crystal Rich Ltd)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKCU\...\Run: [NetworkIndicator] - C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DirectFolders] - C:\Program Files (x86)\Direct Folders\df.exe [272896 2010-06-03] (Code Sector Inc.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [systray] - C:\Windows\System32\systray.exe [9216 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [ZALFree] - C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12999472 2013-07-22] (Zemana Ltd.)
HKU\Anfangsnutzer\...\Run: [AlwaysMouseWheel] - O:\Zentrale Prog-Sammelstelle (exe)\AlwaysMouseWheel.exe [55808 2012-10-02] (Nenad Hrg (SoftwareOK.com))
HKU\Anfangsnutzer\...\Run: [everything] - C:\PROGRAM FILES (X86)\EVERYTHING\EVERYTHING.EXE [602624 2009-03-13] ()
HKU\Anfangsnutzer\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5629720 2013-01-23] (Piriform Ltd)
HKU\silvia\...\Run: [AutoSizer] - "C:\Program Files (x86)\AutoSizer\AutoSizer.exe" [x]
HKU\silvia\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup [x]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(1).dll [89936 2013-07-22] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll [82696 2013-07-22] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:12080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - SuRunExt.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\siegmar\AppData\Roaming\Mozilla\Firefox\Path=Profiles\e975fjdq.test
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=8 - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\siegmar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==================== Services (Whitelisted) =================
S4 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 Super User Run (SuRun) Service; C:\Windows\SuRun.exe [727552 2012-01-20] (hxxp://kay-bruns.de)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1473920 2012-05-29] (Crystal Rich Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-22] (Zemana Ltd.)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\66ED.tmp [6144 2009-06-18] (Sophos Plc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 PORTMON; \??\R:\6 MH\Installation\SysinternalsSuite_0502\PORTMSYS.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:49 - 2013-08-25 03:56 - 00000000 ___DC C:\AdwCleaner
2013-08-25 03:42 - 2013-08-25 03:42 - 01021434 ____C (Thisisu) C:\Users\siegmar\Desktop\JRT.exe
2013-08-25 03:41 - 2013-08-25 03:41 - 00994642 ____C C:\Users\siegmar\Desktop\adwcleaner.exe
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 01:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 19:37 - 2013-08-24 19:37 - 00051749 ____C C:\ComboFix.zip
2013-08-24 17:39 - 2013-08-24 17:39 - 01174464 ____C C:\ComboFix.txt
2013-08-24 17:10 - 2013-08-24 17:39 - 00000000 ___DC C:\ComboFix
2013-08-24 17:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-24 17:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-24 17:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-24 17:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-24 17:09 - 2013-08-24 17:39 - 00000000 ___DC C:\Qoobox
2013-08-24 16:04 - 2013-08-24 16:04 - 05111180 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-24 02:08 - 2013-08-24 02:09 - 00036691 ____C C:\Users\siegmar\Desktop\Addition.txt
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 19:02 - 2013-07-22 18:10 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:15 - 2013-08-21 18:14 - 04322816 _____ (Zemana Ltd. ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 11:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-16 11:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-16 11:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-16 11:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-16 11:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-16 11:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-16 11:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-16 11:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-16 11:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 11:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 11:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 11:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 11:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 11:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 11:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 11:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 11:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 11:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 11:13 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 11:13 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 11:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 11:13 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 11:13 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 11:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 11:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 11:13 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 11:12 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-04 14:36 - 2013-08-21 12:19 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:34 - 2013-08-04 14:35 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:38 - 2013-08-03 01:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 00:17 - 2013-08-12 09:59 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-01 23:28 - 2013-08-01 23:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-07-31 14:33 - 2013-08-01 23:37 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-07-29 10:19 - 2013-07-29 10:32 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files
==================== One Month Modified Files and Folders =======
2013-08-25 15:56 - 2012-12-06 03:50 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-08-25 12:41 - 2010-04-11 13:39 - 01238203 _____ C:\Windows\WindowsUpdate.log
2013-08-25 12:36 - 2013-08-25 12:36 - 01576506 ____C (Farbar) C:\Users\siegmar\Desktop\FRST64.exe
2013-08-25 12:36 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 12:36 - 2009-07-14 06:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 12:31 - 2011-07-22 18:21 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\USBSafelyRemove
2013-08-25 12:30 - 2012-12-03 11:54 - 00018893 _____ C:\Windows\setupact.log
2013-08-25 12:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 04:26 - 2013-08-25 04:26 - 00003195 ____C C:\Users\siegmar\Desktop\JRT.txt
2013-08-25 04:15 - 2013-08-25 04:15 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 03:56 - 2013-08-25 03:49 - 00000000 ___DC C:\AdwCleaner
2013-08-25 03:42 - 2013-08-25 03:42 - 01021434 ____C (Thisisu) C:\Users\siegmar\Desktop\JRT.exe
2013-08-25 03:41 - 2013-08-25 03:41 - 00994642 ____C C:\Users\siegmar\Desktop\adwcleaner.exe
2013-08-25 03:28 - 2010-08-17 11:37 - 00429472 _____ C:\Windows\PFRO.log
2013-08-25 01:13 - 2013-08-25 01:13 - 00001073 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 01:13 - 2013-08-25 01:13 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 00:51 - 2013-08-25 00:51 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\siegmar\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 19:37 - 2013-08-24 19:37 - 00051749 ____C C:\ComboFix.zip
2013-08-24 17:39 - 2013-08-24 17:39 - 01174464 ____C C:\ComboFix.txt
2013-08-24 17:39 - 2013-08-24 17:10 - 00000000 ___DC C:\ComboFix
2013-08-24 17:39 - 2013-08-24 17:09 - 00000000 ___DC C:\Qoobox
2013-08-24 17:39 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Default
2013-08-24 17:37 - 2010-04-25 02:24 - 00000000 ____D C:\Windows\ERDNT
2013-08-24 17:34 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-08-24 16:04 - 2013-08-24 16:04 - 05111180 ___RC (Swearware) C:\Users\siegmar\Desktop\ComboFix.exe
2013-08-24 12:24 - 2009-07-14 19:58 - 00855588 _____ C:\Windows\system32\perfh007.dat
2013-08-24 12:24 - 2009-07-14 19:58 - 00205000 _____ C:\Windows\system32\perfc007.dat
2013-08-24 12:24 - 2009-07-14 07:13 - 01984690 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 02:09 - 2013-08-24 02:08 - 00036691 ____C C:\Users\siegmar\Desktop\Addition.txt
2013-08-24 02:07 - 2013-08-24 02:07 - 00000000 ___DC C:\FRST
2013-08-23 18:16 - 2010-04-21 11:42 - 00000000 ___DC C:\Users\siegmar\Desktop\_deskcut
2013-08-23 11:53 - 2013-08-23 11:53 - 00494400 ____C (ITSTH ) C:\Users\siegmar\Downloads\WhatsMyComputerDoing_E.exe
2013-08-23 10:10 - 2010-11-05 19:06 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-22 17:42 - 2012-08-11 02:35 - 00000782 _____ C:\Windows\regscanner.cfg
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ___DC C:\Program Files\Microsoft Windows Performance Toolkit
2013-08-22 17:36 - 2012-11-06 15:11 - 00000000 ____D C:\Users\siegmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
2013-08-22 17:04 - 2010-08-24 00:56 - 00013948 ____C C:\Users\siegmar\Desktop\DesktopOK.ini
2013-08-22 16:47 - 2013-08-22 16:47 - 00000000 ___DC C:\Users\siegmar\AppData\Local\AntiLogger Free
2013-08-22 16:42 - 2011-07-24 19:03 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\USBSafelyRemove
2013-08-22 16:39 - 2013-02-17 17:11 - 00000000 ___DC C:\Users\Anfangsnutzer\__aktuelle Probleme
2013-08-21 19:02 - 2013-08-21 19:02 - 00001104 ____C C:\Users\Public\Desktop\AntiLogger Free.lnk
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2013-08-21 19:02 - 2013-08-21 19:02 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2013-08-21 18:29 - 2013-08-21 18:29 - 01810944 ____C C:\Users\siegmar\Downloads\MBSASetup-x64-DE.msi
2013-08-21 18:25 - 2013-08-21 18:25 - 01327120 ____C C:\Users\siegmar\Downloads\KeyScrambler_Setup.exe
2013-08-21 18:14 - 2013-08-21 18:15 - 04322816 _____ (Zemana Ltd. ) C:\Users\siegmar\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe
2013-08-21 12:19 - 2013-08-04 14:36 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 11:27 - 2013-02-21 17:55 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\PDF-Dateien
2013-08-21 11:05 - 2013-02-04 14:42 - 00000000 ____D C:\Users\siegmar\Documents\Reg-Datei-Exporte
2013-08-21 10:54 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-08-21 10:45 - 2011-01-08 18:50 - 00000000 ____D C:\Windows\pss
2013-08-21 10:08 - 2010-01-01 02:33 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 17:53 - 2012-12-05 17:55 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-08-19 17:06 - 2013-08-19 17:06 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Steuerfälle
2013-08-16 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 11:16 - 2013-07-11 01:40 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 11:14 - 2010-04-12 18:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 00:53 - 2012-05-23 15:08 - 00000000 ___DC C:\ProgramData\SecTaskMan
2013-08-13 15:21 - 2013-03-21 20:54 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\Neuer Ordner (4)
2013-08-12 17:25 - 2013-05-15 12:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-08-12 09:59 - 2013-08-02 00:17 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Thunderbird
2013-08-09 17:24 - 2010-04-16 19:40 - 00000000 ___DC C:\Program Files\Classic Shell
2013-08-09 15:50 - 2011-07-25 01:52 - 00000000 ____D C:\Users\silvia\AppData\Roaming\USBSafelyRemove
2013-08-09 15:24 - 2013-08-09 15:24 - 00282112 ____C (Mozilla) C:\Users\siegmar\Downloads\Firefox Setup Stub 23.0.exe
2013-08-09 14:43 - 2012-07-05 07:51 - 00000000 ___DC C:\Users\siegmar\__Aktuelle Probleme
2013-08-09 14:38 - 2013-08-09 14:38 - 00000093 ____C C:\Users\Public\Documents\Fehler 2203 (bei Install Classic Shell erstmals aufgetreten).txt
2013-08-09 14:13 - 2013-08-09 14:13 - 00003156 _____ C:\Windows\System32\Tasks\{2C80D82E-6EBA-454C-84A8-90FD68CDC180}
2013-08-09 13:59 - 2013-08-09 13:59 - 08437760 ____C (IvoSoft) C:\Users\siegmar\Downloads\ClassicShellSetup_3_6_8.exe
2013-08-07 19:10 - 2010-04-12 17:52 - 08126464 _____ C:\Users\Anfangsnutzer\ntuser.bak
2013-08-07 19:10 - 2010-04-12 17:52 - 00000000 ___DC C:\Users\Anfangsnutzer
2013-08-07 19:10 - 2009-07-14 04:34 - 80216064 _____ C:\Windows\system32\config\software.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 28573696 _____ C:\Windows\system32\config\system.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 04718592 _____ C:\Windows\system32\config\default.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-07 19:10 - 2009-07-14 04:34 - 00131072 _____ C:\Windows\system32\config\sam.bak
2013-08-07 10:39 - 2011-04-11 16:26 - 00000000 ___DC C:\ProgramData\AAV
2013-08-04 14:35 - 2013-08-04 14:35 - 00000000 ____D C:\Users\siegmar\Downloads\mbar-1.06.0.1004
2013-08-04 14:35 - 2013-08-04 14:34 - 13399154 ____C C:\Users\siegmar\Downloads\mbar-1.06.0.1004.zip
2013-08-04 14:29 - 2010-10-07 16:36 - 00000000 __RDC C:\Users\siegmar\Desktop\_Aktuell
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 01:39 - 2013-08-03 01:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 01:39 - 2013-08-03 01:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-08-03 01:39 - 2013-08-03 01:38 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 01:39 - 2012-05-22 15:30 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 01:39 - 2010-07-29 17:42 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21E6.tmp
2013-08-03 01:38 - 2013-08-03 01:38 - 00000000 _____ C:\Windows\SysWOW64\REN21D6.tmp
2013-08-02 23:06 - 2010-06-23 01:28 - 00000000 ___DC C:\Users\Administrator
2013-08-02 22:51 - 2013-08-02 22:51 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Macromedia
2013-08-02 09:01 - 2010-04-13 07:07 - 00192648 ____C C:\Users\Anfangsnutzer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-01 23:39 - 2011-02-05 15:01 - 00000000 __RDC C:\Users\Anfangsnutzer\.smplayer
2013-08-01 23:37 - 2013-07-31 14:33 - 00000000 ___DC C:\Users\Anfangsnutzer\.dvdcss
2013-08-01 23:32 - 2013-08-01 23:28 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Roaming\Media Player Classic
2013-08-01 17:33 - 2013-08-01 17:33 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VS Revo Group
2013-08-01 17:26 - 2013-08-01 17:26 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Secunia PSI
2013-08-01 17:12 - 2013-08-01 17:12 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\VirtualStore
2013-08-01 08:50 - 2010-04-20 10:49 - 00000000 ___DC C:\Users\siegmar\AppData\Roaming\ATViewer
2013-08-01 01:07 - 2010-09-14 17:49 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Google
2013-07-31 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-31 06:57 - 2012-11-01 16:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 01:19 - 2012-11-01 16:17 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-30 01:19 - 2012-04-11 16:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 01:19 - 2011-06-23 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-30 01:19 - 2010-06-02 12:32 - 00000000 ___DC C:\Users\Anfangsnutzer\AppData\Local\Adobe
2013-07-29 10:32 - 2013-07-29 10:19 - 00000000 ___DC C:\Users\Anfangsnutzer\Documents\WPA Files
2013-07-28 02:25 - 2010-08-10 10:22 - 00000000 ____D C:\Users\siegmar\dwhelper
2013-07-28 01:29 - 2011-01-26 12:42 - 00000000 ___DC C:\Users\siegmar\.smplayer
2013-07-26 07:13 - 2013-08-16 11:18 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-16 11:18 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-16 11:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-16 11:18 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-16 11:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-16 11:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-16 11:18 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-16 11:18 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-16 11:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-16 11:18 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-16 11:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-16 11:18 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-16 11:18 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-16 11:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
Files to move or delete:
====================
C:\Users\siegmar\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 18:37
==================== End Of Log ============================ --- --- ---
Den Tab "Fix" habe ich nicht benutzt, da ich keine Anweisung dazu hatte.
5. Ergebnis
Der WinPatrol New Program Alert „Systray .exe stub“ taucht immer noch auf. |