|
Log-Analyse und Auswertung: I have net ProblemWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.09.2013, 11:58 | #1 |
| I have net Problem Hallo, ich reihe mich hier mal in die Liste ein. Habe auch schon ein Log mit FRST erstellt. Vielen Dank das Ihr uns so schnell helft. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01 Ran by reibol (administrator) on REIBOL-WIN7 on 03-09-2013 12:47:52 Running from C:\Users\reibol\Desktop\Reinigungstools Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ACD Systems, Ltd.) C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [Device Detector] - DevDetect.exe -autorun [x] HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x] HKCU\...\Run: [VLRMXMLD] - C:\Users\reibol\AppData\Roaming\sscorea.dll [458752 2013-08-25] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-27] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1<mpl=googlemail HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default FF Homepage: www.googlemail.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Visualisateur 3D de 20-20 - C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\Extensions\2020Player_IKEA@2020Technologies.com FF Extension: Set UA to 9 - C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\Extensions\jid0-ytzHEtx6J5gsPC9Bz9ph8y2CoB0@jetpack FF Extension: No Name - C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-03 12:36 - 2013-09-03 12:36 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-03 12:35 - 2013-09-03 12:36 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-03 12:35 - 2013-09-03 12:36 - 00000000 ____D C:\Program Files\iTunes 2013-09-03 12:35 - 2013-09-03 12:36 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-03 12:35 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files\iPod 2013-09-03 12:32 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-09-03 12:32 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-09-03 12:32 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-09-03 12:31 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-09-03 12:31 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-09-03 12:31 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-09-03 12:31 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-09-03 12:31 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-09-03 12:31 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-09-03 12:31 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-09-03 12:31 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-09-03 12:31 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-09-03 12:31 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2013-09-03 12:31 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-09-03 12:31 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-09-03 12:31 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-09-03 12:31 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-09-03 12:31 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-09-03 12:31 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-09-03 12:31 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-09-03 12:31 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-09-03 12:31 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-09-03 12:31 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-09-03 12:31 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-09-03 12:31 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-09-03 12:31 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-09-03 12:31 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-09-03 12:31 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-09-03 12:31 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-09-03 12:31 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-09-03 12:31 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-09-03 12:31 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-09-03 12:30 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2013-09-03 12:30 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2013-09-02 12:42 - 2013-09-02 12:42 - 00000626 _____ C:\Users\reibol\Desktop\JRT.txt 2013-09-02 12:03 - 2013-09-02 12:03 - 00000000 ____D C:\FRST 2013-09-02 11:51 - 2013-09-02 11:51 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 11:35 - 2013-09-02 12:36 - 00000000 ____D C:\AdwCleaner 2013-09-02 11:13 - 2013-09-02 11:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-29 20:28 - 2013-08-29 20:28 - 02092792 _____ C:\Users\reibol\Downloads\avira_free_antivirus(2).exe 2013-08-25 10:39 - 2013-08-25 10:39 - 00458752 __RSH C:\Users\reibol\AppData\Roaming\sscorea.dll 2013-08-16 03:07 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-16 03:07 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-16 03:07 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-16 03:07 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-16 03:07 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-16 03:07 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-16 03:07 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-16 03:07 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-16 03:07 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-16 03:07 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-16 03:07 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-16 03:07 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 07:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 07:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 07:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 07:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 07:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 07:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 07:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 07:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 07:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 07:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 07:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 07:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 07:21 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 07:21 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 07:21 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 07:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 07:21 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 07:21 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 07:21 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 07:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 07:21 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 07:21 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 07:21 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 07:21 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 07:21 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 07:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 07:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-03 12:45 - 2013-09-03 12:45 - 00000000 ____D C:\Users\reibol\Desktop\Reinigungstools 2013-09-03 12:42 - 2011-08-17 16:08 - 00186558 _____ C:\Windows\PFRO.log 2013-09-03 12:42 - 2011-07-28 17:46 - 00023803 _____ C:\Windows\setupact.log 2013-09-03 12:42 - 2011-07-28 10:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-03 12:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-03 12:42 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-03 12:42 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-03 12:41 - 2011-07-28 10:35 - 01316108 _____ C:\Windows\WindowsUpdate.log 2013-09-03 12:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-09-03 12:36 - 2013-09-03 12:36 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-03 12:36 - 2013-09-03 12:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-03 12:36 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files\iTunes 2013-09-03 12:36 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-03 12:35 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files\iPod 2013-09-03 12:30 - 2013-03-09 17:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-03 12:28 - 2011-02-10 21:25 - 00654602 _____ C:\Windows\system32\perfh007.dat 2013-09-03 12:28 - 2011-02-10 21:25 - 00130216 _____ C:\Windows\system32\perfc007.dat 2013-09-03 12:28 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-03 12:01 - 2011-07-28 10:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-02 14:50 - 2013-05-06 12:55 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-02 14:50 - 2013-03-28 08:15 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-02 14:50 - 2013-03-28 08:15 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-02 12:42 - 2013-09-02 12:42 - 00000626 _____ C:\Users\reibol\Desktop\JRT.txt 2013-09-02 12:36 - 2013-09-02 11:35 - 00000000 ____D C:\AdwCleaner 2013-09-02 12:03 - 2013-09-02 12:03 - 00000000 ____D C:\FRST 2013-09-02 11:51 - 2013-09-02 11:51 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 11:13 - 2013-09-02 11:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 11:13 - 2013-05-18 13:05 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-09-02 11:13 - 2013-05-18 13:05 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-02 11:13 - 2011-03-15 00:20 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-02 11:13 - 2011-03-15 00:20 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-02 11:13 - 2011-02-10 22:50 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-30 12:23 - 2013-03-30 17:23 - 00068608 ___SH C:\Users\reibol\Desktop\Thumbs.db 2013-08-30 12:21 - 2012-03-24 15:31 - 00000000 ____D C:\Users\reibol\Desktop\Bild 2013-08-29 20:28 - 2013-08-29 20:28 - 02092792 _____ C:\Users\reibol\Downloads\avira_free_antivirus(2).exe 2013-08-28 18:28 - 2012-05-09 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-26 13:35 - 2013-06-26 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-26 13:33 - 2011-08-01 10:45 - 00000000 ____D C:\Users\reibol\AppData\Roaming\SoftGrid Client 2013-08-25 10:39 - 2013-08-25 10:39 - 00458752 __RSH C:\Users\reibol\AppData\Roaming\sscorea.dll 2013-08-22 21:00 - 2011-09-25 12:05 - 00000000 ____D C:\Users\reibol\Desktop\nb 2013-08-22 20:50 - 2011-07-28 12:04 - 00000000 ____D C:\Users\reibol\Documents\Nico 2013-08-21 13:31 - 2013-03-09 17:06 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-21 13:31 - 2013-03-09 17:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-21 13:31 - 2011-09-02 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-16 04:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-16 03:03 - 2013-07-29 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-08-16 03:01 - 2011-02-10 22:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Users\reibol\AppData\Local\Temp\install_reader10_de_mssa_aih.exe C:\Users\reibol\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\reibol\AppData\Local\Temp\Quarantine.exe C:\Users\reibol\AppData\Local\Temp\SkypeSetup.exe C:\Users\reibol\AppData\Local\Temp\za19lp1_.dll C:\Users\reibol\AppData\Local\Temp\~nsu.tmp\Au_.exe C:\Users\reibol\AppData\Local\Temp\_tempLSB\_instLSB.exe C:\Users\reibol\AppData\Local\Temp\TeamViewer\Version5\TeamViewer_.exe C:\Users\reibol\AppData\Local\Temp\SDIAG_9bf68f53-ac5f-4f8b-ae95-cc4e69661b23\DiagPackage.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\avmres.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\avwebloader.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\avwebloader.exe C:\Users\reibol\AppData\Local\Temp\RarSFX0\avwebloadergui.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\msvcp100.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\msvcr100.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcimage.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcnwload_ar.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_de.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcnwload_en.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcnwload_es.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_fr.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_it.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_jp.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_ko.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcnwload_nl.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_pt.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_ru.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcnwload_tr.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_zhcn.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\rcNwLoad_zhtw.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\scewxmlw.dll C:\Users\reibol\AppData\Local\Temp\RarSFX0\update.dll C:\Users\reibol\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll C:\Users\reibol\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll C:\Users\reibol\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll C:\Users\reibol\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll C:\Users\reibol\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe C:\Users\reibol\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll C:\Users\reibol\AppData\Local\Temp\jrt\erunt\ERUNT.EXE C:\Users\reibol\AppData\Local\Temp\ICReinstall\cnet_iview430_setup_exe.exe C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\access.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ace.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ace_SSL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ACMD.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ACMDLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\AlgJpeg.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ALGlog.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ALGMPR.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ALGPDM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ALGSLC.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\App.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\arc.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\atl90.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Audit.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\AWIN.DLL C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\AWINLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\B3D.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\CCW.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\CDMI.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\CFG.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\CFGLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\CfgSynonym.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\CINE.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\clar.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\clftp.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\CMPRS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\com.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\conf.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\conn.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Connapp.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Context.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Crypt.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ddp.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DevComponents.DotNetBar2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DevExpress.Data.v9.2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DevExpress.OfficeSkins.v9.2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DevExpress.Utils.v9.2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DevExpress.XtraBars.v9.2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DevExpress.XtraEditors.v9.2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DevExpress.XtraGrid.v9.2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\dicom.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DIDB.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\disk.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DLG.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DSEL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\DSELLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\EXP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\EXPT.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\FILM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\FP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\GDS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\gh.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\GHVIEW.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\GM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\GRA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\GRAP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\GSI.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\GSIP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\I18n.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ICN.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IGA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IGALib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IMG.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IMGT.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IOD.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IPC.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_3D.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_Core.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_DEFS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_GS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_Obl.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_types.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_UTILS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_VOLR.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\IP_ZOOM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ITOBL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ITPAL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ITRGB.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\LDR.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\LDRC.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\libeay32.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\LM2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\LNG.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\LNGM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\LNK.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\LoaderExe.exe C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Mammo.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Mem.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90CHS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90CHT.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90DEU.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90ENU.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90ESN.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90ESP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90FRA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90ITA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90JPN.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90KOR.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfc90u.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfcm90.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mfcm90u.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\MINFRA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mla.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\mp.exe C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\MPAlgEng.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\MPRis.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\MsgAPI.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\msvcm90.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\msvcp90.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\msvcr90.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\MWF.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\MXL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Oblique.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Palette.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\PD.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\PGI.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\PM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\PMUI.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\PNL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\QE.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\QELib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\QM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Rel.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Relp.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\REPCOM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\REPEDIT.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\REPINFRA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\REPMAIN.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\REPSTOR.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\REPUI.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\RGB.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SCC.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SCL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SCMD.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SCMDLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SCN.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\secm.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SECMCOM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SECMCOMLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SecmSrv.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SH.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SMLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SPA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SPAP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\SR.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ssleay32.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ssubtmr.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\StateMachine.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\std312d.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\svc.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\TCO.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\THBRes25.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\thr12d.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ThreadTools.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\TIS.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\TISSUE.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\tls7012d.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\tmr.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\TNL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Tool.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Translate.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Tree.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\UI.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\UILib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\UP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\UPLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\util_infra.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\UTL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\UTL2.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\UTL2Lib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\vbalhook.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Viewer.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\wf.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WIN.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WL.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WLLib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WLP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WLPP.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WND.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WNDA.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\WNDM.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\Xalan-C_1_10.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\XalanMessages_1_10.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\xerces-c_2_7.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\XNODE.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\XNODELib.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\zlibwapi.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\zh-TW\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\zh-CN\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\tr-TR\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\sv-SE\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\sr-Latn-CS\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\sl-SI\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\sk-SK\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ru-RU\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ro-RO\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\pt-PT\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\pt-BR\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\pl-PL\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\nl-NL\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\nb-NO\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ko-KR\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ja-JP\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\it-IT\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\hu-HU\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\hr-HR\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\he-IL\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\fr-FR\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\fi-FI\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\es-MX\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\es-ES\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\el-GR\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\de-DE\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\da-DK\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\cs-CZ\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\Carestream\TMP.1\MP\ar-SA\LNGM.resources.dll C:\Users\reibol\AppData\Local\Temp\C496.dir\InstallFlashPlayer.exe C:\Users\reibol\AppData\Local\Temp\AIH.2f398ad9c5dec1e8678b3f23a904d4806318a452\downloader.dll C:\Users\reibol\AppData\Local\Temp\AIH.2f398ad9c5dec1e8678b3f23a904d4806318a452\launcher.dll C:\Users\reibol\AppData\Local\Temp\._msige60\GoogleEarth.exe C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\earthps.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\geplugin.exe C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\ge_expat.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\googleearth_free.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\msvcp80.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\msvcr80.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\npgeplugin.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\plugin\plugin_ax.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\earthflashsol.exe C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\earthps.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\ge_expat.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\googleearth.exe C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\googleearth_free.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\gpsbabel.exe C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\msvcp80.dll C:\Users\reibol\AppData\Local\Temp\._msige60\program files\Google\Google Earth\client\msvcr80.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 00:46 ==================== End Of Log ============================ |
03.09.2013, 12:00 | #2 |
/// TB-Ausbilder | I have net Problem Hi,
__________________kannst du bitte auch noch die Addition.txt posten, welche FRST erstellt hat? Scan mit Combofix
__________________ |
03.09.2013, 12:18 | #3 |
| I have net Problem Hallo,
__________________die Addition.txt wurde nicht erstellt bzw. konnte ich nicht auf dem Rechner finden. Anbei das Combofix Log. Combofix Logfile: Code:
ATTFilter ComboFix 13-09-02.02 - reibol 03.09.2013 13:07:29.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2446 [GMT 2:00] ausgeführt von:: c:\users\reibol\Desktop\Reinigungstools\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\reibol\AppData\Roaming\sscorea.dll c:\users\reibol\Documents\~WRL0002.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-03 bis 2013-09-03 )))))))))))))))))))))))))))))) . . 2013-09-03 11:12 . 2013-09-03 11:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-03 10:35 . 2013-09-03 10:35 -------- d-----w- c:\program files\iPod 2013-09-03 10:35 . 2013-09-03 10:36 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-03 10:35 . 2013-09-03 10:36 -------- d-----w- c:\program files\iTunes 2013-09-03 10:35 . 2013-09-03 10:36 -------- d-----w- c:\program files (x86)\iTunes 2013-09-03 10:32 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui 2013-09-03 10:32 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-09-03 10:32 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-09-03 10:32 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2013-09-03 10:30 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-09-03 10:30 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-09-02 10:03 . 2013-09-02 10:03 -------- d-----w- C:\FRST 2013-09-02 09:51 . 2013-09-02 09:51 -------- d-----w- c:\windows\ERUNT 2013-09-02 09:35 . 2013-09-02 10:36 -------- d-----w- C:\AdwCleaner 2013-09-02 09:13 . 2013-09-02 09:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-15 05:26 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-08-15 05:26 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-15 05:26 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-08-15 05:26 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-15 05:26 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-08-15 05:26 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-08-15 05:26 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-08-15 05:26 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-02 12:50 . 2013-05-06 10:55 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-02 12:50 . 2013-03-28 06:15 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-09-02 12:50 . 2013-03-28 06:15 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-09-02 09:13 . 2013-05-18 11:05 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-09-02 09:13 . 2011-02-10 20:50 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-08-21 11:31 . 2013-03-09 15:06 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-21 11:31 . 2011-09-02 15:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-16 01:01 . 2011-02-10 20:56 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-09 04:45 . 2013-08-15 05:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Device Detector"="DevDetect.exe -autorun" [X] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 netr7364;USB-Drahtlos-LAN-Kartentreiber für Vista von ASUS;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . Inhalt des "geplante Tasks" Ordners . 2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-09 11:31] . 2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 08:39] . 2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 08:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1<mpl=googlemail mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\ FF - prefs.js: browser.startup.homepage - www.googlemail.com FF - ExtSQL: 2013-09-02 12:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKCU-Run-VLRMXMLD - c:\users\reibol\AppData\Roaming\sscorea.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.032" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.ani" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.arw" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.bay" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.bmp" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.bw" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.cr2" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.crw" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.cs1" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.cur" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.dcr" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.dcx" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.dib" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.djv" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.djvu" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.dng" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.emf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.eps" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.erf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.fff" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.fpx" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.gif" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.hdr" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.icl" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.icn" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.ico" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.iff" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.ilbm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.int" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.inta" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.iw4" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.j2c" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.j2k" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jfif" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jif" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jp2" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jpc" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jpe" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jpeg" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jpg" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jpk" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.jpx" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.lbm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.mef" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.mos" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.mrw" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.nef" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.orf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pbm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pcd" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pct" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pcx" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pef" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pgm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pic" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pict" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pix" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.png" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.ppm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.psd" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.psp" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.pspimage" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.raf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.ras" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.raw" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.rgb" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.rgba" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.rle" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.rsb" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.sgi" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.sr2" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.srf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.tga" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.thm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.tif" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.tiff" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.ttc" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.ttf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.v20po" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.v20pp" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.v20ppf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.wbm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.wbmp" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.wmf" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.xbm" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.xif" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.xmp" . [HKEY_USERS\S-1-5-21-1245954886-1163044086-764152996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.0.xpm" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-09-03 13:15:07 ComboFix-quarantined-files.txt 2013-09-03 11:15 . Vor Suchlauf: 11 Verzeichnis(se), 1.315.608.707.072 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 1.316.595.843.072 Bytes frei . - - End Of File - - 64CE3DCBAB6EA8D71CCC59E966DD9891 |
03.09.2013, 12:23 | #4 |
/// TB-Ausbilder | I have net Problem Ok. Ist das Ihavenet-Problem nach einem Neustart weg? Schritt 1 ESET Online Scanner
Schritt 2 Starte noch einmal FRST.
__________________ cheers, Leo |
03.09.2013, 12:34 | #5 |
| I have net Problem Hi Leo, habe nun ein paar Suchanfragen nach Neustart gemacht - es scheint weg zu sein.... Soll ich die weiteren Test noch durchführen? |
03.09.2013, 12:43 | #6 |
/// TB-Ausbilder | I have net Problem Ja, diese beiden Schritte auch noch ausführen zur allgemeinen Kontrolle.
__________________ --> I have net Problem |
03.09.2013, 15:21 | #7 |
| I have net Problem Hallo, hat etwas gedauert aber hier das Eset Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=01d8bdda05d77748bba03145b2919033 # engine=14992 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-03 02:12:51 # local_time=2013-09-03 04:12:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 15384 148888876 5136 0 # compatibility_mode=5893 16776574 100 94 3962743 129847421 0 0 # scanned=197587 # found=1 # cleaned=0 # scan_time=9225 sh=69BFF26126A47F88B7E5D023D181B06CF26538F5 ft=1 fh=6941625195509451 vn="a variant of Win32/Ponmocup.HR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\reibol\AppData\Roaming\sscorea.dll.vir" FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01 Ran by reibol (administrator) on REIBOL-WIN7 on 03-09-2013 16:20:46 Running from C:\Users\reibol\Desktop\Reinigungstools Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ACD Systems, Ltd.) C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [Device Detector] - DevDetect.exe -autorun [x] HKCU\...\Policies\Explorer: [NoDrives] 0 HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-27] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1<mpl=googlemail StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default FF Homepage: www.googlemail.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Visualisateur 3D de 20-20 - C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\Extensions\2020Player_IKEA@2020Technologies.com FF Extension: Set UA to 9 - C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\Extensions\jid0-ytzHEtx6J5gsPC9Bz9ph8y2CoB0@jetpack FF Extension: No Name - C:\Users\reibol\AppData\Roaming\Mozilla\Firefox\Profiles\54u9zlzc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-03 13:06 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-03 13:06 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-03 13:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-03 13:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-03 13:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-03 13:06 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-03 13:06 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-03 13:06 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-03 13:05 - 2013-09-03 13:15 - 00000000 ____D C:\Qoobox 2013-09-03 13:05 - 2013-09-03 13:14 - 00000000 ____D C:\Windows\erdnt 2013-09-03 12:45 - 2013-09-03 16:20 - 00000000 ____D C:\Users\reibol\Desktop\Reinigungstools 2013-09-03 12:36 - 2013-09-03 12:36 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-03 12:35 - 2013-09-03 12:36 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-03 12:35 - 2013-09-03 12:36 - 00000000 ____D C:\Program Files\iTunes 2013-09-03 12:35 - 2013-09-03 12:36 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-03 12:35 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files\iPod 2013-09-03 12:32 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-09-03 12:32 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-09-03 12:32 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-09-03 12:31 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-09-03 12:31 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-09-03 12:31 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-09-03 12:31 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-09-03 12:31 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-09-03 12:31 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-09-03 12:31 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-09-03 12:31 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-09-03 12:31 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-09-03 12:31 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2013-09-03 12:31 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-09-03 12:31 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-09-03 12:31 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-09-03 12:31 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-09-03 12:31 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-09-03 12:31 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-09-03 12:31 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-09-03 12:31 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-09-03 12:31 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-09-03 12:31 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-09-03 12:31 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-09-03 12:31 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-09-03 12:31 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-09-03 12:31 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-09-03 12:31 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-09-03 12:31 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-09-03 12:31 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-09-03 12:31 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-09-03 12:31 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-09-03 12:30 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2013-09-03 12:30 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2013-09-02 12:03 - 2013-09-02 12:03 - 00000000 ____D C:\FRST 2013-09-02 11:51 - 2013-09-02 11:51 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 11:35 - 2013-09-02 12:36 - 00000000 ____D C:\AdwCleaner 2013-09-02 11:13 - 2013-09-02 11:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-29 20:28 - 2013-08-29 20:28 - 02092792 _____ C:\Users\reibol\Downloads\avira_free_antivirus(2).exe 2013-08-16 03:07 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-16 03:07 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-16 03:07 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-16 03:07 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-16 03:07 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-16 03:07 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-16 03:07 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-16 03:07 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-16 03:07 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-16 03:07 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-16 03:07 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-16 03:07 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-16 03:07 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-16 03:07 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 07:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 07:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 07:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 07:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 07:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 07:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 07:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 07:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 07:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 07:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 07:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 07:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 07:21 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 07:21 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 07:21 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 07:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 07:21 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 07:21 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 07:21 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 07:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 07:21 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 07:21 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 07:21 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 07:21 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 07:21 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 07:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 07:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-03 16:20 - 2013-09-03 12:45 - 00000000 ____D C:\Users\reibol\Desktop\Reinigungstools 2013-09-03 16:01 - 2011-07-28 10:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-03 15:30 - 2013-03-09 17:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-03 13:35 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-03 13:35 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-03 13:34 - 2013-09-03 13:34 - 00000000 ____D C:\Program Files (x86)\ESET 2013-09-03 13:31 - 2011-07-28 10:35 - 01322821 _____ C:\Windows\WindowsUpdate.log 2013-09-03 13:27 - 2011-08-17 16:08 - 00187572 _____ C:\Windows\PFRO.log 2013-09-03 13:27 - 2011-07-28 17:46 - 00023859 _____ C:\Windows\setupact.log 2013-09-03 13:27 - 2011-07-28 10:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-03 13:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-03 13:23 - 2013-03-09 17:06 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-03 13:23 - 2013-03-09 17:06 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-03 13:23 - 2011-09-02 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-03 13:23 - 2011-07-28 16:56 - 00000000 ____D C:\Users\reibol\AppData\Roaming\Apple Computer 2013-09-03 13:22 - 2011-07-28 12:32 - 00000000 ____D C:\Users\reibol\AppData\Local\Adobe 2013-09-03 13:15 - 2013-09-03 13:05 - 00000000 ____D C:\Qoobox 2013-09-03 13:14 - 2013-09-03 13:05 - 00000000 ____D C:\Windows\erdnt 2013-09-03 13:12 - 2009-07-14 04:34 - 00000248 _____ C:\Windows\system.ini 2013-09-03 12:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-09-03 12:36 - 2013-09-03 12:36 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-03 12:36 - 2013-09-03 12:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-03 12:36 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files\iTunes 2013-09-03 12:36 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-03 12:35 - 2013-09-03 12:35 - 00000000 ____D C:\Program Files\iPod 2013-09-03 12:28 - 2011-02-10 21:25 - 00654602 _____ C:\Windows\system32\perfh007.dat 2013-09-03 12:28 - 2011-02-10 21:25 - 00130216 _____ C:\Windows\system32\perfc007.dat 2013-09-03 12:28 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-02 14:50 - 2013-05-06 12:55 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-02 14:50 - 2013-03-28 08:15 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-02 14:50 - 2013-03-28 08:15 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-02 12:36 - 2013-09-02 11:35 - 00000000 ____D C:\AdwCleaner 2013-09-02 12:03 - 2013-09-02 12:03 - 00000000 ____D C:\FRST 2013-09-02 11:51 - 2013-09-02 11:51 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 11:13 - 2013-09-02 11:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 11:13 - 2013-05-18 13:05 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-09-02 11:13 - 2013-05-18 13:05 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-02 11:13 - 2011-03-15 00:20 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-02 11:13 - 2011-03-15 00:20 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-02 11:13 - 2011-02-10 22:50 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-30 12:23 - 2013-03-30 17:23 - 00068608 ___SH C:\Users\reibol\Desktop\Thumbs.db 2013-08-30 12:21 - 2012-03-24 15:31 - 00000000 ____D C:\Users\reibol\Desktop\Bild 2013-08-29 20:28 - 2013-08-29 20:28 - 02092792 _____ C:\Users\reibol\Downloads\avira_free_antivirus(2).exe 2013-08-28 18:28 - 2012-05-09 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-26 13:35 - 2013-06-26 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-26 13:33 - 2011-08-01 10:45 - 00000000 ____D C:\Users\reibol\AppData\Roaming\SoftGrid Client 2013-08-22 21:00 - 2011-09-25 12:05 - 00000000 ____D C:\Users\reibol\Desktop\nb 2013-08-22 20:50 - 2011-07-28 12:04 - 00000000 ____D C:\Users\reibol\Documents\Nico 2013-08-16 04:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-16 03:03 - 2013-07-29 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-08-16 03:01 - 2011-02-10 22:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 00:46 ==================== End Of Log ============================ --- --- --- |
03.09.2013, 16:18 | #8 |
/// TB-Ausbilder | I have net Problem Ist wieder keine Addition.txt von FRST erstellt worden? Sonst wiederhole bitte den FRST-Scan und achte darauf, dass bei "Addition.txt" ein Haken gesetzt ist.
__________________ cheers, Leo |
11.09.2013, 08:50 | #9 |
/// TB-Ausbilder | I have net Problem Hi, ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.
__________________ cheers, Leo |
16.09.2013, 17:21 | #10 |
/// TB-Ausbilder | I have net Problem Fehlende Rückmeldung Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten. Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
Themen zu I have net Problem |
administrator, adobe, antivir, antivirus, avira, bonjour, browser, continue, desktop, explorer, farbar, farbar recovery scan tool, flash player, home, homepage, icreinstall, log, mozilla, opera, plug-in, problem, realtek, registry, security, services.exe, software, svchost.exe, system, temp, winlogon.exe |