Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Nach Combofix immer "Fehlerwiederherstellungsmodus"

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Plagegeister aller Art und deren Bekämpfung: Nach Combofix immer "Fehlerwiederherstellungsmodus"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.02.2014, 08:43   #1
Andreas-Kiel
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Hi Experten,
ich habe ein Problem und hoffe, Ihr könnt mir helfen.

Ich habe (übrigens immer noch) mir den Browser Hijacker "hxxp://www.awesomehp.com" eingefangen. Noch den ganzen Standardaktionen (Startup überprüft, Links "gereinigt", Startseite neu festgelegt, Browser auf default zurückgesetzt, Registrierung durchsucht, 3 zugehörige Programme deinstalliert, MBAM, CCleaner, adwcleaner und HijackThis durchlaufen und reinigen lassen) war das blöde Ding leider immer noch da. Da ich irgendwo mal etwas davon gelesen hatte, daß Combofix auch sehr gut sein soll, habe ich den gestartet und dachte, daß ich dann noch Auswahlmöglichkeiten habe, aber es gab keine oder ich habe sie übersehen, auf jeden Fall hat er mit Scan und automatischer Reinigung begonnen und den Rechner neu gestartet.
Leider kam bei der Anmeldung dann immer "Fehlerwiederherstellungsmodus". Ich kann mich zwar anmelden, aber das ist natürlich sehr unschön. Der awesome war im Firefox weg, der IE startete gar nicht mehr.
Daraufhin habe ich eine Systemwiederherstellung gemacht.

Der Ist-Stand ist jetzt:
Beim Anmelden immer noch "Fehlerwiederherstellungsmodus" und im IE ist immer noch der Awesome (aber immerhin startet er wieder).

Könnt Ihr mir dabei irgendwie weiterhelfen, denn langsam bin ich auch am Ende meiner Weisheit.

Vielen Dank im voraus,

Andreas

Alt 18.02.2014, 09:22   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 18.02.2014, 10:59   #3
Andreas-Kiel
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Hi Schrauber,
auf jeden Fall schon Mal vielen Dank für Deine Hilfe.

Sorry übrigens, habe noch folgendes vergessen: BS: Windows 7 pro 64 Bit

Habe FSRT durchlaufen lassen und poste die beiden Dateien.

FSRT:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by r (administrator) on PC on 18-02-2014 10:30:16
Running from C:\Users\r\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(GFI Software Ltd.) C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 12\lnssprocessorservice.exe
(Apache Software Foundation) C:\Program Files (x86)\GFI\LanGuard 11 Agent\Httpd\bin\httpd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe
(Apache Software Foundation) C:\Program Files (x86)\GFI\LanGuard 11 Agent\Httpd\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(SolarWinds) C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
() C:\Windows\System32\nwtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 12\languard.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnsscomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\update.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [45656 2011-07-17] ()
HKLM\...\Run: [combofix] - C:\ComboFix\Combobatch.bat [8216 2011-10-30] ()
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-2758990797-477802305-3347868275-1000\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-24] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
URLSearchHook: HKCU - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {BEF961E3-EF8D-441A-9084-5E2DC57B0436} URL = 
SearchScopes: HKCU - {D65B6369-8774-4C5B-8595-C3BDDE73900B} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.mri.bund.de/dana-cached/sc/JuniperSetupClient.cab
Handler: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - C:\Program Files (x86)\LOGIN\LOGINventory5\LoginProtocolHandler.dll (Schmidt's LOGIN GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{7F61B47B-6AD0-4DF2-AD69-1E21255FCA0D}: [NameServer]172.29.65.194,172.29.65.195

FireFox:
========
FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "ftp", "195.68.150.50"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "195.68.150.50"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.68.150.50"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "195.68.150.50"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\nptcl31.dll (ActiveState Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\pluginhostctrl.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lightning Speed Dial - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\lightningnewtab@gmail.com [2014-02-17]
FF Extension: DownloadHelper - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-12]
FF Extension: Extension_Protected - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-07]
FF Extension: Stealthy - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\stealthyextension@gmail.com.xpi [2011-04-08]
FF Extension: WorldIP - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2012-06-14]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439} [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439} [2014-02-10]

Chrome: 
=======
CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1391770647&from=amt&uid=WDCXWD5000AAKS-75V0A0_WD-WCAWF880912009120
CHR RestoreOnStartup: "hxxp://www.awesomehp.com/?type=hp&ts=1391770647&from=amt&uid=WDCXWD5000AAKS-75V0A0_WD-WCAWF880912009120"
CHR Extension: (Download Protect) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\demhbiiflflpchkfpekojbmiolpkpjdk [2014-02-10]
CHR Extension: (Download Protect) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimnngjpfeanaheehdpfondeelejcddd [2014-02-06]
CHR Extension: (Google Wallet) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [135536 2013-08-09] (GFI Software Development Ltd.)
S4 gfi_lanss9_attservice; C:\Program Files (x86)\GFI\LANguard 9\lnssatt.exe [329144 2010-11-13] (GFI Software Ltd.)
R2 GFI_ReportCenter35; C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [111912 2009-06-16] (GFI Software Ltd.)
S2 HPWJAService; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [45056 2011-07-14] (Hewlett-Packard Development Company, L.P.)
R2 HPWSProAdapter; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe [9728 2011-06-29] (Hewlett-Packard)
R2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-11-08] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-11-08] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-11-08] (Symantec Corporation)
R2 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe [60928 2012-12-10] (SolarWinds)
S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [19544 2011-07-17] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
S3 AtiDCM; C:\ATI\Support\11-8_vista64_win7_64_dd_ccc_ocl\Bin64\atdcm64a.sys [26752 2011-07-28] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx64.sys [1526488 2014-01-14] (Symantec Corporation)
R1 ccSettings_{B1B5C4BC-65F0-4679-B31C-7B031940DC2E}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-11-08] (Symantec Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140217.011\IDSvia64.sys [521944 2014-02-17] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140217.006\ENG64.SYS [126040 2014-02-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140217.006\EX64.SYS [2099288 2014-02-17] (Symantec Corporation)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113240 2011-07-17] ()
R3 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [106072 2011-07-17] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [89688 2011-07-17] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119384 2011-07-17] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26200 2011-07-17] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31320 2011-07-17] (Novell, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-02-08] (CACE Technologies)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-08-29] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-08-29] (RapidSolution Software AG)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-19] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-11-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-11-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-11-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-11-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-11-08] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-11-08] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2011-05-30] (Microsoft Corporation)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [34392 2011-07-17] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [79448 2011-07-17] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [77912 2011-07-17] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [90712 2011-07-17] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49240 2011-07-17] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19544 2011-07-17] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83032 2011-07-17] (Novell, Inc.)
U3 nds4; C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys [128088 2011-07-17] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39000 2011-07-17] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55896 2011-07-17] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [33880 2011-07-17] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25176 2011-07-17] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35928 2011-07-17] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [58456 2011-07-17] (Novell, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 oodiseml; \??\C:\Users\r\AppData\Local\Temp\OOBPSFXDE\oodiseml64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-18 10:30 - 2014-02-18 10:30 - 00026354 _____ () C:\Users\r\Downloads\FRST.txt
2014-02-18 10:30 - 2014-02-18 10:30 - 00000000 ____D () C:\FRST
2014-02-18 10:29 - 2014-02-18 10:29 - 02152448 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe
2014-02-17 11:20 - 2013-11-27 00:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-17 11:20 - 2013-11-26 23:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-17 11:15 - 2014-02-17 11:16 - 00000000 ___SD () C:\ComboFix
2014-02-17 10:28 - 2014-02-17 10:28 - 00000000 ____D () C:\Users\r\AppData\Local\Juniper Networks
2014-02-17 07:44 - 2014-02-17 07:44 - 00031701 _____ () C:\ComboFix.txt
2014-02-12 13:07 - 2014-02-12 13:09 - 00005441 _____ () C:\Windows\IE11_main.log
2014-02-12 10:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-12 10:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-12 10:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-12 10:21 - 2014-02-17 11:15 - 00000000 ____D () C:\Qoobox
2014-02-12 10:21 - 2014-02-17 10:40 - 00000000 ____D () C:\Windows\erdnt
2014-02-12 10:20 - 2014-02-12 10:20 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64-31163.exe
2014-02-12 10:19 - 2014-02-12 10:19 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64.exe
2014-02-12 10:18 - 2014-02-12 10:21 - 05180679 ____R (Swearware) C:\Users\r\Downloads\ComboFix.exe
2014-02-12 10:18 - 2014-02-12 10:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill.exe
2014-02-12 08:36 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-12 08:36 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 08:36 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-12 08:36 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-12 08:36 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-12 08:36 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-12 08:36 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-12 08:36 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-12 08:36 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-12 08:36 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-12 08:36 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-12 08:36 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-12 08:36 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-12 08:36 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-12 08:36 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-12 08:36 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-12 08:24 - 2013-12-21 10:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 08:24 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 08:23 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 08:23 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 08:23 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 08:23 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 08:23 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 08:23 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 08:23 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 08:23 - 2014-02-01 07:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-12 08:23 - 2014-02-01 07:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-12 08:15 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:15 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:15 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:15 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:15 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:15 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:15 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:15 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:15 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:15 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:15 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:15 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:15 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:15 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:15 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 08:15 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-12 08:15 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-11 11:53 - 2014-02-11 11:53 - 01259653 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\chpe6224_6226vstw7-medion-olli.exe
2014-02-11 11:52 - 2014-02-11 12:22 - 346987473 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\wlane6224_6226vstw7-medion-olli.exe
2014-02-11 11:35 - 2014-02-17 11:00 - 00000000 ____D () C:\AdwCleaner
2014-02-10 09:03 - 2014-02-10 09:03 - 00000600 _____ () C:\Users\r\AppData\Local\PUTTY.RND
2014-02-07 14:25 - 2014-02-07 14:28 - 00000000 ____D () C:\Users\r\Documents\oki-5450
2014-02-07 12:26 - 2014-02-07 12:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-02-07 12:01 - 2014-02-07 12:01 - 07828864 _____ (hxxp://yourfiledownloader.com) C:\Users\r\Downloads\Cleanwipe_Symantec_Removal_Tool_downloader.exe
2014-02-07 11:59 - 2014-02-11 11:32 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-02-07 11:59 - 2014-02-11 11:31 - 00000000 ____D () C:\ProgramData\WPM
2014-02-07 11:59 - 2014-02-11 11:31 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-07 11:59 - 2014-02-11 11:31 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-07 11:59 - 2014-02-07 11:59 - 00000000 ____D () C:\Users\r\AppData\Roaming\MiniGet
2014-02-07 11:56 - 2014-02-11 11:32 - 00000000 ____D () C:\Users\r\AppData\Local\Mobogenie
2014-02-07 11:56 - 2014-02-11 07:59 - 00000000 ____D () C:\Users\r\AppData\Roaming\newnext.me
2014-02-07 11:56 - 2014-02-07 12:00 - 00000000 ____D () C:\Users\r\AppData\Local\cache
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\Documents\Mobogenie
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\AppData\Local\genienext
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\.android
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 _____ () C:\Users\r\daemonprocess.txt
2014-02-07 11:54 - 2014-02-07 11:54 - 00338984 _____ (Amônétízé Ltd) C:\Users\r\Downloads\Cleanwipe Symantec Removal Tool__3039_i337724533_il2294914.exe
2014-02-05 16:50 - 2014-02-05 16:50 - 00001903 _____ () C:\Users\r\Downloads\config1 (1).pcc
2014-02-05 15:53 - 2014-02-05 15:53 - 03640370 _____ () C:\Users\r\Downloads\2510G-Software-Y1144.zip
2014-02-05 15:26 - 2014-02-05 15:27 - 00000000 ____D () C:\TFTP-Root
2014-02-05 15:26 - 2014-02-05 15:26 - 00002227 _____ () C:\Users\r\Desktop\TFTP Server.lnk
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Local\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:26 - 00000000 ____D () C:\ProgramData\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:25 - 01292454 _____ () C:\Users\r\Downloads\solarwinds-tftp-server.zip
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D () C:\Users\r\AppData\Local\Applications
2014-02-05 15:13 - 2014-02-05 15:13 - 00000987 _____ () C:\Users\r\Desktop\PuTTY.lnk
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-05 15:12 - 2014-02-05 15:12 - 01869122 _____ (Simon Tatham ) C:\Users\r\Downloads\putty-0.63-installer.exe
2014-02-05 15:09 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Desktop\putty_0.63.exe
2014-02-05 15:08 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Downloads\putty_0.63.exe
2014-02-05 14:50 - 2014-02-05 14:50 - 00238929 _____ () C:\Users\r\Downloads\termv19b.zip
2014-01-31 10:55 - 2014-01-31 10:55 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-31 10:55 - 2014-01-31 10:55 - 00000000 ____D () C:\Program Files\Java
2014-01-30 16:25 - 2014-01-30 16:26 - 14886828 _____ () C:\Users\r\Downloads\yl-zl-6600-3500-Software-K.15.13.0005.zip
2014-01-29 12:16 - 2014-01-29 12:16 - 00000000 ____D () C:\Users\r\Downloads\symantec-cleaner
2014-01-28 09:58 - 2014-01-28 09:59 - 00001948 _____ () C:\Users\r\Downloads\switch200-61.txt
2014-01-28 09:49 - 2014-01-28 09:49 - 00001919 _____ () C:\Users\r\Downloads\config1.pcc
2014-01-28 09:44 - 2014-01-28 09:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-28 09:42 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 09:42 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 09:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-28 09:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 09:39 - 2014-01-28 09:42 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 08:19 - 2014-01-28 08:19 - 00096037 _____ () C:\Users\r\Downloads\FW-Kiel-2014-01.txt
2014-01-22 09:02 - 2014-01-22 09:02 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Users\r\AppData\Roaming\Malwarebytes
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 09:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-21 08:35 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-21 08:35 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-20 16:34 - 2014-01-20 16:34 - 53266432 _____ () C:\Users\r\Downloads\R113P_RK11_RCD_Express_ea_2011-04-28_15-03-47.iso
2014-01-20 16:12 - 2014-01-20 16:16 - 51869728 _____ () C:\Users\r\Downloads\rk_free.exe
2014-01-20 16:07 - 2014-01-20 16:11 - 153114624 _____ () C:\Users\r\Downloads\Trinity_Rescue_Kit_3.4_PC-WELT-Edition.iso
2014-01-20 16:05 - 2014-01-20 16:07 - 17954672 _____ (EaseUS ) C:\Users\r\Downloads\partition_recovery_5.6.1.exe

==================== One Month Modified Files and Folders =======

2014-02-18 10:30 - 2014-02-18 10:30 - 00026354 _____ () C:\Users\r\Downloads\FRST.txt
2014-02-18 10:30 - 2014-02-18 10:30 - 00000000 ____D () C:\FRST
2014-02-18 10:29 - 2014-02-18 10:29 - 02152448 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe
2014-02-18 08:49 - 2010-12-14 15:15 - 00000000 ____D () C:\Windows\Patches
2014-02-18 08:49 - 2009-07-14 06:10 - 01525619 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 08:17 - 2009-07-14 05:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 08:17 - 2009-07-14 05:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 08:16 - 2010-12-22 12:42 - 00000000 ____D () C:\ProgramData\Symantec
2014-02-18 08:15 - 2012-11-30 12:04 - 00000000 ____D () C:\Users\r\.rainlendar2
2014-02-18 08:07 - 2013-01-30 08:06 - 00023487 _____ () C:\Windows\setupact.log
2014-02-18 08:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 16:10 - 2011-08-30 10:00 - 00000000 ____D () C:\Users\r\Documents\Outlook-Dateien
2014-02-17 15:51 - 2011-01-14 10:45 - 00000000 ____D () C:\Program Files (x86)\Look@LAN
2014-02-17 15:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 11:16 - 2014-02-17 11:15 - 00000000 ___SD () C:\ComboFix
2014-02-17 11:15 - 2014-02-12 10:21 - 00000000 ____D () C:\Qoobox
2014-02-17 11:01 - 2013-02-06 14:25 - 01249250 _____ () C:\Windows\PFRO.log
2014-02-17 11:00 - 2014-02-11 11:35 - 00000000 ____D () C:\AdwCleaner
2014-02-17 10:57 - 2013-01-29 09:19 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-02-17 10:46 - 2013-09-12 11:31 - 00000000 ____D () C:\Users\MSSQLSERVER
2014-02-17 10:45 - 2013-05-27 13:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 10:45 - 2010-12-03 09:22 - 00000000 ____D () C:\Users\r
2014-02-17 10:43 - 2013-10-30 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 10:43 - 2011-10-10 08:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Juniper Networks
2014-02-17 10:43 - 2011-10-04 08:00 - 00000000 ____D () C:\Users\DefaultAppPool
2014-02-17 10:43 - 2011-08-31 13:43 - 00000000 ____D () C:\Windows\Minidump
2014-02-17 10:43 - 2011-05-06 11:56 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-02-17 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-17 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-17 10:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-17 10:41 - 2011-11-29 15:14 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-17 10:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-02-17 10:40 - 2014-02-12 10:21 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 10:40 - 2011-05-06 11:35 - 00000000 ____D () C:\inetpub
2014-02-17 10:40 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-17 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-17 10:28 - 2014-02-17 10:28 - 00000000 ____D () C:\Users\r\AppData\Local\Juniper Networks
2014-02-17 09:53 - 2013-09-12 08:40 - 00000000 ____D () C:\Users\r\AppData\Local\CrashDumps
2014-02-17 09:53 - 2010-11-10 17:38 - 00000000 ____D () C:\Windows\Panther
2014-02-17 09:48 - 2010-12-03 14:07 - 00002332 ____H () C:\Users\r\Documents\Default.rdp
2014-02-17 07:44 - 2014-02-17 07:44 - 00031701 _____ () C:\ComboFix.txt
2014-02-12 15:55 - 2009-07-14 03:34 - 16515072 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 128188416 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 02883584 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-12 13:09 - 2014-02-12 13:07 - 00005441 _____ () C:\Windows\IE11_main.log
2014-02-12 13:07 - 2013-05-27 13:30 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-12 13:07 - 2012-03-30 06:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-12 13:07 - 2011-05-17 07:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-12 12:33 - 2011-03-15 08:43 - 00003572 _____ () C:\Users\r\Desktop\netzliste-lokal-gekürzt.txt
2014-02-12 10:21 - 2014-02-12 10:18 - 05180679 ____R (Swearware) C:\Users\r\Downloads\ComboFix.exe
2014-02-12 10:20 - 2014-02-12 10:20 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64-31163.exe
2014-02-12 10:19 - 2014-02-12 10:19 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64.exe
2014-02-12 10:18 - 2014-02-12 10:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill.exe
2014-02-12 08:39 - 2011-05-11 07:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 08:38 - 2013-07-11 06:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 08:37 - 2010-12-03 10:12 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 08:29 - 2011-05-06 11:36 - 02421844 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 08:29 - 2009-07-14 18:58 - 01019824 _____ () C:\Windows\system32\perfh007.dat
2014-02-12 08:29 - 2009-07-14 18:58 - 00265030 _____ () C:\Windows\system32\perfc007.dat
2014-02-12 08:28 - 2009-07-14 06:13 - 02421844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 08:20 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-11 12:22 - 2014-02-11 11:52 - 346987473 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\wlane6224_6226vstw7-medion-olli.exe
2014-02-11 11:53 - 2014-02-11 11:53 - 01259653 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\chpe6224_6226vstw7-medion-olli.exe
2014-02-11 11:35 - 2013-03-13 14:42 - 01166132 _____ () C:\Users\r\Downloads\adwcleaner.exe
2014-02-11 11:32 - 2014-02-07 11:59 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-02-11 11:32 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\AppData\Local\Mobogenie
2014-02-11 11:31 - 2014-02-07 11:59 - 00000000 ____D () C:\ProgramData\WPM
2014-02-11 11:31 - 2014-02-07 11:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-11 11:31 - 2014-02-07 11:59 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-11 07:59 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\AppData\Roaming\newnext.me
2014-02-10 09:13 - 2010-12-03 09:23 - 00001427 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-10 09:12 - 2013-10-07 11:09 - 00002330 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-10 09:12 - 2011-03-03 09:33 - 00001081 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 09:03 - 2014-02-10 09:03 - 00000600 _____ () C:\Users\r\AppData\Local\PUTTY.RND
2014-02-07 14:28 - 2014-02-07 14:25 - 00000000 ____D () C:\Users\r\Documents\oki-5450
2014-02-07 12:26 - 2014-02-07 12:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-02-07 12:26 - 2012-12-17 14:14 - 00002191 _____ () C:\Users\r\Desktop\Symantec Endpoint Protection Manager-Remote-Konsole.lnk
2014-02-07 12:01 - 2014-02-07 12:01 - 07828864 _____ (hxxp://yourfiledownloader.com) C:\Users\r\Downloads\Cleanwipe_Symantec_Removal_Tool_downloader.exe
2014-02-07 12:00 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\AppData\Local\cache
2014-02-07 11:59 - 2014-02-07 11:59 - 00000000 ____D () C:\Users\r\AppData\Roaming\MiniGet
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\Documents\Mobogenie
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\AppData\Local\genienext
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\.android
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 _____ () C:\Users\r\daemonprocess.txt
2014-02-07 11:54 - 2014-02-07 11:54 - 00338984 _____ (Amônétízé Ltd) C:\Users\r\Downloads\Cleanwipe Symantec Removal Tool__3039_i337724533_il2294914.exe
2014-02-07 10:01 - 2011-03-07 09:41 - 00004057 _____ () C:\Users\r\Desktop\netzliste-lokal.txt
2014-02-06 12:05 - 2013-06-26 07:33 - 00001931 _____ () C:\Users\r\Desktop\switch-61.txt
2014-02-05 16:50 - 2014-02-05 16:50 - 00001903 _____ () C:\Users\r\Downloads\config1 (1).pcc
2014-02-05 15:53 - 2014-02-05 15:53 - 03640370 _____ () C:\Users\r\Downloads\2510G-Software-Y1144.zip
2014-02-05 15:27 - 2014-02-05 15:26 - 00000000 ____D () C:\TFTP-Root
2014-02-05 15:26 - 2014-02-05 15:26 - 00002227 _____ () C:\Users\r\Desktop\TFTP Server.lnk
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Local\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:25 - 00000000 ____D () C:\ProgramData\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:25 - 01292454 _____ () C:\Users\r\Downloads\solarwinds-tftp-server.zip
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D () C:\Users\r\AppData\Local\Applications
2014-02-05 15:13 - 2014-02-05 15:13 - 00000987 _____ () C:\Users\r\Desktop\PuTTY.lnk
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-05 15:12 - 2014-02-05 15:12 - 01869122 _____ (Simon Tatham ) C:\Users\r\Downloads\putty-0.63-installer.exe
2014-02-05 15:08 - 2014-02-05 15:09 - 00495616 _____ (Simon Tatham) C:\Users\r\Desktop\putty_0.63.exe
2014-02-05 15:08 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Downloads\putty_0.63.exe
2014-02-05 14:50 - 2014-02-05 14:50 - 00238929 _____ () C:\Users\r\Downloads\termv19b.zip
2014-02-03 11:54 - 2012-09-27 08:28 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-03 11:54 - 2012-09-27 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-03 08:47 - 2013-09-12 09:41 - 00024170 _____ () C:\Users\r\Documents\photovoltaik.xlsx
2014-02-03 08:42 - 2013-12-12 13:51 - 00010153 _____ () C:\Users\r\Documents\recyclingpreise.xlsx
2014-02-01 10:20 - 2014-02-12 08:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 08:23 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 08:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 08:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 08:23 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 08:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 08:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 07:45 - 2014-02-12 08:23 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-01 07:38 - 2014-02-12 08:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-31 10:55 - 2014-01-31 10:55 - 00000000 ____D () C:\Program Files\Java
2014-01-30 16:26 - 2014-01-30 16:25 - 14886828 _____ () C:\Users\r\Downloads\yl-zl-6600-3500-Software-K.15.13.0005.zip
2014-01-29 12:16 - 2014-01-29 12:16 - 00000000 ____D () C:\Users\r\Downloads\symantec-cleaner
2014-01-28 15:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-28 09:59 - 2014-01-28 09:58 - 00001948 _____ () C:\Users\r\Downloads\switch200-61.txt
2014-01-28 09:49 - 2014-01-28 09:49 - 00001919 _____ () C:\Users\r\Downloads\config1.pcc
2014-01-28 09:44 - 2014-01-28 09:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-28 09:42 - 2014-01-28 09:39 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 09:42 - 2013-06-24 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-28 08:19 - 2014-01-28 08:19 - 00096037 _____ () C:\Users\r\Downloads\FW-Kiel-2014-01.txt
2014-01-27 10:15 - 2013-07-01 13:08 - 00002522 _____ () C:\Users\r\AppData\Local\RAExpertHistory.xml
2014-01-22 09:02 - 2014-01-22 09:02 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Users\r\AppData\Roaming\Malwarebytes
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 09:02 - 2013-11-13 08:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\r\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-21 08:52 - 2009-07-14 05:45 - 00434392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 16:34 - 2014-01-20 16:34 - 53266432 _____ () C:\Users\r\Downloads\R113P_RK11_RCD_Express_ea_2011-04-28_15-03-47.iso
2014-01-20 16:16 - 2014-01-20 16:12 - 51869728 _____ () C:\Users\r\Downloads\rk_free.exe
2014-01-20 16:11 - 2014-01-20 16:07 - 153114624 _____ () C:\Users\r\Downloads\Trinity_Rescue_Kit_3.4_PC-WELT-Edition.iso
2014-01-20 16:07 - 2014-01-20 16:05 - 17954672 _____ (EaseUS ) C:\Users\r\Downloads\partition_recovery_5.6.1.exe

Some content of TEMP:
====================
C:\Users\r\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 08:20

==================== End Of Log ============================
--- --- ---


Additions:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by r at 2014-02-18 10:31:02
Running from C:\Users\r\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

 Overlook Fing (x32 Version: 2.1 - Overlook)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
ATI Catalyst Control Center (x32 Version: 2.010.0113.2207 - )
Audials (x32 Version: 8.0.54800.0 - RapidSolution Software AG)
Audials TV (x32 Version: 1.3.10803.300 - RapidSolution Software AG)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
BUFFALO NAS Navigator2 (x32 Version:  - )
CABLABEL R2+ (x32 Version: 9.00.01 - cab)
CanoScan Toolbox Ver4.9 (x32 Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2208.39662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help English (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help French (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help German (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
ccc-utility64 (Version: 2010.0113.2208.39662 - ATI) Hidden
CCleaner (Version: 4.10 - Piriform)
ConvertHelper 2.2 (x32 Version:  - DownloadHelper)
CuperUtilities StartUp Manager 1.1 (x32 Version:  - Cupersoft, Inc.)
Data Admin V4 (x32 Version: 4.1.5000 - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dell Control Point 64 (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (x32 Version: 1.6.468.86 - Dell Inc.)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 02.05.04.001 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (x32 Version: 1.4.056 - Dell Inc.)
Device Set-Up (x32 Version: 1.00.3000 - )
DirSync Directory Synchronizer (x32 Version: 3.0.8 - ArcherSoft Inc.)
EMBASSY Security Center Lite (Version: 04.01.00.044 - Ihr Firmenname) Hidden
EMBASSY Security Center Lite (x32 Version:  - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.043 - Ihr Firmenname) Hidden
EMBASSY Security Setup (x32 Version:  - ) Hidden
ESC Home Page Plugin (Version: 04.01.00.010 - Ihr Firmenname) Hidden
ESC Home Page Plugin (x32 Version:  - ) Hidden
Eudora OSE (1.0) (x32 Version: 1.0 (en-US) - Mozilla)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
GDR 3128 für SQL Server 2012 (KB2793634) (64-bit) (Version: 11.1.3128.0 - Microsoft Corporation)
Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
GFI LanGuard 11 Agent (x32 Version: 11.2.2013.0809 - GFI Software Ltd) Hidden
GFI LanGuard 2014 (x32 Version: 11.2.2013.0809 - GFI Software Ltd)
GFI LANguard 9.6 (x32 Version: 9.6.2010.1113 - GFI Software Ltd)
GFI LANguard 9.6 (x32 Version: 9.6.2010.1113 - GFI Software Ltd) Hidden
GFI ReportCenter Framework (x32 Version: 3.6.2009.0630 - GFI Software Ltd)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.4.3607.2246 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
HP Designjet 800 Printer Series (x32 Version:  - Hewlett-Packard Co.)
HP Web Jetadmin 10.2 (Version: 10.02.0010 - Ihr Firmenname)
HP Webregistrierung (x32 Version: 1.0.0.0 - Hewlett Packard, Co.) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Network Connections 15.2.89.0 (Version: 15.2.89.0 - Dell)
Intel(R) Network Connections 15.2.89.0 (Version: 15.2.89.0 - Dell) Hidden
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Secure Meeting 7.0.0 (HKCU Version: 7.0.0.19821 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.2.10.35713 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Junos Pulse Collaboration 7.2.0 Admin (x32 Version: 7.2.25035 - Juniper Networks) Hidden
Kalenderchen 5 (x32 Version:  - Daniel Manger)
LG MC USB Modem driver (x32 Version: 1.0.0.0000 - LG Electronics)
LG PC Suite III (x32 Version: 1.0.0.0 - LG Electronics) Hidden
LG USB Modem Drivers (x32 Version: 4.9.4 - LG Electronics)
LOGINventory5 (x32 Version: 5.10.0.5630 - Schmidt's LOGIN GmbH)
Look@LAN 2.50 Build 35 (x32 Version:  - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012-Laufzeit (x32 Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (x32 Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-Bit) (Version:  - ) Hidden
Microsoft SQL Server 2012 (64-Bit) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 RsFx Driver (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Setup (English) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012-Richtlinien  (x32 Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x32 Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0 - Microsoft Corporation)
Microsoft Visio Professional 2002 [DEU] (x32 Version: 10.2.5111 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2012 (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (Version: 11.1.3000.0 - Microsoft Corporation)
MiniTool Partition Recovery 5.0 (x32 Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NICI (64 bit) (Version: 2.7.6 - Novell, Inc.)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) (x32 Version:  - )
NMAS Challenge Response Method (Version: 2.8.1.0 - Novell, Inc.)
NMAS Client (Version: 3.4.4.3 - Novell, Inc.)
Novell Client for Windows (Version: 2 SP1 (IR8) - Novell, Inc.)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
PE Builder 3.1.10a (x32 Version:  - Bart Lagerweij)
PowerDVD DX (x32 Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
PureSync (x32 Version: 3.7.5 - Jumping Bytes) Hidden
PureSync 3.7.5 (x32 Version: 3.7.5 - Jumping Bytes)
PuTTY version 0.63 (x32 Version: 0.63 - Simon Tatham)
Rainlendar2 (remove only) (x32 Version:  - )
RarZilla Free Unrar (x32 Version: 2.90 - Philipp Winterberg)
Replay Media Catcher 4 (4.3.0) (x32 Version: 4.3.0 - Applian Technologies)
Revo Uninstaller 1.93 (x32 Version: 1.93 - VS Revo Group)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (x32 Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Service Pack 1 für SQL Server 2012 (KB2674319) (64-bit) (Version: 11.1.3000.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0 - Microsoft Corporation)
SilverFast CanonSDK 6.6.1r7 (x32 Version:  - LaserSoft Imaging AG)
Skins (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
SolarWinds TFTP Server (x32 Version: 10.9.0.25 - SolarWinds)
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2012 (x32 Version: 11.1.3000.0 - Microsoft Corporation)
STK02N 2.0 (x32 Version: 2.0 - Syntek)
Symantec Endpoint Protection (Version: 12.1.4013.4013 - Symantec Corporation)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.040 - Ihr Firmenname) Hidden
Wave Support Software (x32 Version:  - ) Hidden
Windows Automated Installation Kit (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows XP Mode (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Winmail Opener 1.4 (x32 Version: 1.4 - Eolsoft)
winpcap-overlook 4.02 (x32 Version:  - )
WinRAR Archivierer (x32 Version:  - )
Xilisoft Video Converter Ultimate 6 (x32 Version: 6.5.3.0316 - Xilisoft)
XnView 1.99.1 (x32 Version: 1.99.1 - Gougelet Pierre-e)

==================== Restore Points  =========================

17-02-2014 08:55:52 Wiederherstellungsvorgang
17-02-2014 09:26:59 Removed Junos Pulse Collaboration 7.2.0 Admin
17-02-2014 09:35:18 Wiederherstellungsvorgang
17-02-2014 09:57:04 Removed Junos Pulse Collaboration 7.2.0 Admin
17-02-2014 10:20:39 Windows Update

==================== Hosts content: ==========================

2013-12-12 09:28 - 2014-02-12 10:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {5A44D132-3B3A-4FD1-8DA0-004A206323BA} - System32\Tasks\LOGINquiry5 Task => C:\Program Files (x86)\LOGIN\LOGINventory5\LOGINquiry.exe [2013-01-17] (Schmidt's LOGIN GmbH)
Task: {66FDE5B0-F1C4-478E-B90C-AE3D59BCAFF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14] (Google Inc.)
Task: {A2C61792-CA50-4843-B6FF-7F7AAEA5AD82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-12] (Adobe Systems Incorporated)
Task: {C52E1427-5313-4C6A-B9F0-012758F9E1D5} - System32\Tasks\LOGINsert5 Task => C:\Program Files (x86)\LOGIN\LOGINventory5\LOGINsert.exe [2013-01-17] (Schmidt's LOGIN GmbH)
Task: {D96CB39F-5149-4C8D-A371-D1B34BDFD90B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {F369652A-DDCA-4629-B752-0FC3BD2C5939} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LOGINquiry5 Task.job => C:\Program Files (x86)\LOGIN\LOGINventory5\LOGINquiry.exe
Task: C:\Windows\Tasks\LOGINsert5 Task.job => C:\Program Files (x86)\LOGIN\LOGINventory5\LOGINsert.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-03-22 15:26 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-12-03 09:42 - 2011-07-17 21:22 - 01041496 _____ () C:\Windows\system32\ncnetprovider.dll
2011-07-17 21:22 - 2011-07-17 21:22 - 00125016 _____ () C:\Windows\system32\NCLangID.dll
2011-07-17 21:22 - 2011-07-17 21:22 - 00183384 _____ () C:\Windows\system32\MAPBASE.dll
2010-12-03 09:42 - 2011-07-17 21:22 - 00280664 _____ () C:\Windows\system32\NWSHLXNT.dll
2010-12-03 09:42 - 2009-11-13 08:28 - 00016896 _____ () C:\Windows\system32\nls\DEUTSCH\NCLangIDR.DLL
2010-12-03 09:42 - 2009-11-13 08:28 - 00094208 _____ () C:\Windows\system32\nls\DEUTSCH\MAPBASER.DLL
2010-12-03 09:42 - 2009-11-13 08:28 - 00110592 _____ () C:\Windows\system32\nls\DEUTSCH\NWSHLXNTR.DLL
2010-12-03 09:42 - 2009-11-13 08:28 - 00503808 _____ () C:\Windows\system32\nls\DEUTSCH\ncnetproviderR.DLL
2011-07-17 21:22 - 2011-07-17 21:22 - 00045656 _____ () C:\Windows\System32\nwtray.exe
2010-12-03 09:42 - 2011-07-17 21:22 - 01041496 _____ () C:\Windows\System32\NCNetProvider.DLL
2011-07-17 21:22 - 2011-07-17 21:22 - 00125016 _____ () C:\Windows\System32\NCLangID.dll
2011-07-17 21:22 - 2011-07-17 21:22 - 00183384 _____ () C:\Windows\System32\MAPBASE.dll
2010-12-03 09:42 - 2011-07-17 21:22 - 00280664 _____ () C:\Windows\System32\NWSHLXNT.dll
2010-12-03 09:42 - 2009-11-13 08:28 - 00016896 _____ () C:\Windows\System32\nls\DEUTSCH\NCLangIDR.DLL
2010-12-03 09:42 - 2009-11-13 08:28 - 00094208 _____ () C:\Windows\System32\nls\DEUTSCH\MAPBASER.DLL
2010-12-03 09:42 - 2009-11-13 08:28 - 00110592 _____ () C:\Windows\System32\nls\DEUTSCH\NWSHLXNTR.DLL
2010-12-03 09:42 - 2009-11-13 08:28 - 00503808 _____ () C:\Windows\System32\nls\DEUTSCH\NCNetProviderR.DLL
2012-07-24 09:05 - 2012-07-24 09:05 - 02498048 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2008-11-18 13:25 - 2008-11-18 13:25 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-10 08:57 - 2010-11-10 08:57 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-09 14:30 - 2013-08-09 14:30 - 00330096 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2013-08-09 14:40 - 2013-08-09 14:40 - 00163696 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2013-09-24 09:41 - 2013-09-24 09:41 - 00251760 _____ () C:\Program Files (x86)\GFI\LanGuard 12\lnssalerter.dll
2013-08-09 14:36 - 2013-08-09 14:36 - 00120176 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2013-08-09 14:44 - 2013-08-09 14:44 - 00217456 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-10-23 09:39 - 2013-10-23 09:39 - 00200560 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2013-08-09 14:46 - 2013-08-09 14:46 - 00049520 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2013-09-19 10:38 - 2013-09-19 10:38 - 00065392 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2003-05-08 16:17 - 2003-05-08 16:17 - 00098304 _____ () C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfi_log.dll
2013-08-09 14:30 - 2013-08-09 14:30 - 00330096 _____ () C:\Program Files (x86)\GFI\LanGuard 12\apistrings.dll
2013-07-14 11:02 - 2013-07-14 11:02 - 00114176 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\Httpd\bin\pcre.dll
2011-06-29 10:39 - 2011-06-29 10:39 - 00166912 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Common.System.OS.dll
2011-06-29 11:05 - 2011-06-29 11:05 - 01271296 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Common.System.dll
2011-06-29 10:51 - 2011-06-29 10:51 - 00101888 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Common.System.Data.BC.dll
2011-06-29 10:51 - 2011-06-29 10:51 - 00052736 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\LDAPWrapper.dll
2011-06-29 10:42 - 2011-06-29 10:42 - 00303104 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\PosixLib.dll
2011-06-29 10:50 - 2011-06-29 10:50 - 00627200 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HeimdalKerberos.dll
2011-06-29 10:44 - 2011-06-29 10:44 - 00073216 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\OPENSSL-APPS.dll
2011-06-29 10:44 - 2011-06-29 10:44 - 01449472 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\libeay32.dll
2011-06-29 10:50 - 2011-06-29 10:50 - 00291328 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.System.DoDCAC.CIFSWrapper.dll
2011-06-29 10:51 - 2011-06-29 10:51 - 00094208 _____ () C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\SSPIWrapper.dll
2014-02-12 08:56 - 2014-02-12 08:56 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a49f11fc4544aadc51c504f0ee3c1028\IsdiInterop.ni.dll
2010-11-10 08:54 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00198144 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-07-24 09:05 - 2012-07-24 09:05 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2013-10-30 15:00 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-30 15:08 - 2013-12-18 21:05 - 00016808 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL
2013-08-09 14:06 - 2013-08-09 14:06 - 00262744 _____ () C:\Program Files (x86)\GFI\LanGuard 12\DevExpress.XtraGauges.v12.2.Win.dll
2013-08-09 14:40 - 2013-08-09 14:40 - 00163696 _____ () C:\Program Files (x86)\GFI\LanGuard 12\modlop.dll
2013-08-09 14:06 - 2013-08-09 14:06 - 00049152 _____ () C:\Program Files (x86)\GFI\LanGuard 12\de\DevExpress.XtraEditors.v12.2.resources.dll
2013-08-09 14:06 - 2013-08-09 14:06 - 00665600 _____ () C:\Program Files (x86)\GFI\LanGuard 12\VirtualTreesR17.bpl
2013-08-09 14:34 - 2013-08-09 14:34 - 00632176 _____ () C:\Program Files (x86)\GFI\LanGuard 12\exporter.dll
2013-08-09 14:06 - 2013-08-09 14:06 - 00351744 _____ () C:\Program Files (x86)\GFI\LanGuard 12\TMSUnicodeDXE3.bpl
2013-10-28 08:26 - 2013-10-28 08:26 - 02705776 _____ () C:\Program Files (x86)\GFI\LanGuard 12\schedulescanui.dll
2013-08-09 14:20 - 2013-08-09 14:20 - 00130928 _____ () C:\Program Files (x86)\GFI\LanGuard 12\ADInquirer.dll
2013-08-09 14:24 - 2013-08-09 14:24 - 00046960 _____ () C:\Program Files (x86)\GFI\LanGuard 12\ConfigurationWrapperUI.dll
2013-08-09 14:39 - 2013-08-09 14:39 - 00887152 _____ () C:\Program Files (x86)\GFI\LanGuard 12\lnssinstsql.dll
2013-08-09 14:17 - 2013-08-09 14:17 - 00228208 _____ () C:\Program Files (x86)\GFI\LanGuard 12\SSMonitor.dll
2013-08-09 14:06 - 2013-08-09 14:06 - 02113536 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\python25.dll
2013-08-09 14:48 - 2013-08-09 14:48 - 00177520 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\selm_ap.dll
2013-08-09 14:06 - 2013-08-09 14:06 - 00351744 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\TMSUnicodeDXE3.bpl
2013-09-30 15:08 - 2013-12-18 21:05 - 00201640 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
2013-08-09 14:30 - 2013-08-09 14:30 - 00330096 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\APIStrings.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^r^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator2.lnk => C:\Windows\pss\BUFFALO NAS Navigator2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^r^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kalenderchen 5.lnk => C:\Windows\pss\Kalenderchen 5.lnk.Startup
MSCONFIG\startupfolder: C:^Users^r^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NAS Scheduler.lnk => C:\Windows\pss\NAS Scheduler.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: DMS-Kalenderchen => "C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe" /autorun
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\r\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: OODITRAY.EXE => C:\Program Files\OO Software\DiskImage\ooditray.exe
MSCONFIG\startupreg: PureSync => "C:\Program Files (x86)\PureSync\PureSyncTray.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: USCService => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 10:51:00 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec Endpoint Protection hat erkannt, dass die Virendefinitionen auf diesem Computer fehlen. Dieser Computer ist erst vor Viren geschützt, wenn die Virendefinitionen heruntergeladen wurden.In der Anwendung ist ein Fehler aufgetreten.
Weitere Informationen: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.4013.4013&language=german&module=1000&error=0009&build=symantec_ent

Error: (02/17/2014 10:48:34 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec Endpoint Protection hat erkannt, dass die Virendefinitionen auf diesem Computer fehlen. Dieser Computer ist erst vor Viren geschützt, wenn die Virendefinitionen heruntergeladen wurden.In der Anwendung ist ein Fehler aufgetreten.
Weitere Informationen: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.4013.4013&language=german&module=1000&error=0009&build=symantec_ent

Error: (02/17/2014 10:25:46 AM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x80070020.

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (02/17/2014 10:08:07 AM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Modules Installer). Zusätzliche Informationen: 0x80070020.

Error: (02/17/2014 10:08:03 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/17/2014 10:08:03 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (02/18/2014 10:07:38 AM) (Source: DCOM) (User: )
Description: 192.168.132.65

Error: (02/18/2014 10:07:17 AM) (Source: DCOM) (User: )
Description: 192.168.132.65

Error: (02/18/2014 10:04:42 AM) (Source: DCOM) (User: )
Description: 192.168.132.65

Error: (02/18/2014 10:04:19 AM) (Source: DCOM) (User: )
Description: 192.168.132.65

Error: (02/18/2014 09:56:37 AM) (Source: DCOM) (User: )
Description: 2147944122192.168.132.56{4CB43D7F-7EEE-4906-8698-60DA1C38F2FE}

Error: (02/18/2014 09:56:37 AM) (Source: DCOM) (User: )
Description: 2147944122192.168.132.56{C2E88C2F-6F5B-4AAA-894B-55C847AD3A2D}

Error: (02/18/2014 09:54:46 AM) (Source: DCOM) (User: )
Description: 2147944122192.168.132.56{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/18/2014 09:27:18 AM) (Source: DCOM) (User: )
Description: 2147944122192.168.131.138{4CB43D7F-7EEE-4906-8698-60DA1C38F2FE}

Error: (02/18/2014 09:27:18 AM) (Source: DCOM) (User: )
Description: 2147944122192.168.131.138{C2E88C2F-6F5B-4AAA-894B-55C847AD3A2D}

Error: (02/18/2014 09:26:05 AM) (Source: DCOM) (User: )
Description: 2147944122192.168.131.138{8BC3F05E-D86B-11D0-A075-00C04FB68820}


Microsoft Office Sessions:
=========================
Error: (02/17/2014 10:51:00 AM) (Source: Symantec AntiVirus)(User: )
Description: Symantec Endpoint Protection hat erkannt, dass die Virendefinitionen auf diesem Computer fehlen. Dieser Computer ist erst vor Viren geschützt, wenn die Virendefinitionen heruntergeladen wurden.In der Anwendung ist ein Fehler aufgetreten.
Weitere Informationen: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.4013.4013&language=german&module=1000&error=0009&build=symantec_ent

Error: (02/17/2014 10:48:34 AM) (Source: Symantec AntiVirus)(User: )
Description: Symantec Endpoint Protection hat erkannt, dass die Virendefinitionen auf diesem Computer fehlen. Dieser Computer ist erst vor Viren geschützt, wenn die Virendefinitionen heruntergeladen wurden.In der Anwendung ist ein Fehler aufgetreten.
Weitere Informationen: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.4013.4013&language=german&module=1000&error=0009&build=symantec_ent

Error: (02/17/2014 10:25:46 AM) (Source: System Restore)(User: )
Description: Windows Update0x80070020

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/17/2014 10:08:07 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (02/17/2014 10:08:07 AM) (Source: System Restore)(User: )
Description: Windows Modules Installer0x80070020

Error: (02/17/2014 10:08:03 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (02/17/2014 10:08:03 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)


CodeIntegrity Errors:
===================================
  Date: 2014-02-12 10:40:15.353
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-12 10:40:15.210
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 8125.59 MB
Available physical RAM: 3120.13 MB
Total Pagefile: 16249.37 MB
Available Pagefile: 11087.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:464.79 GB) (Free:315.27 GB) NTFS
Drive d: (Daten) (Fixed) (Total:465.76 GB) (Free:331.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 90000000)
Partition 1: (Not Active) - (Size=243 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5D0A3E88)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
__________________
Alt 18.02.2014, 17:01   #4
Andreas-Kiel
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Hallo Schrauber,

in den Protokollen habe ich gesehen, daß mehrere der von mir schon entfernten Einträge wieder drin sind. Dies kommt ja vermutlich wegen der Systemwiederherstellung. Sorry, da hatte ich nicht dran gedacht. Um wieder einen vernünftigen Status Quo zu erreichen und Dir doppelte Arbeit zu ersparen, habe ich die vorher von mir gemachten Aktionen (MBAM, Autostart etc.) nochmal gemacht.
In einem anderen Post hatte ein anderer User auch dieses identische Problem mit dem selben Hijacker und Du hattest Ihn gebeten, SC Cleaner und JRT durchlaufen zu lassen und die Protokolle zu posten. Dies habe ich auch getan und poste sie (SC Cleaner hat nichts gefunden).

Der neue Stand ist jetzt, daß sich beide Browser mit der richtigen Startseite öffnen, der awesome also vermutlich weg ist?!?

Es bleibt jetzt "nur" noch das Problem mit meinem fälschlicherweise gestartetem Combofix und dem Fehlerwiederherstellungsmodus.

aktuelle Protokolle:

ADWCleaner:
Code:
ATTFilter
# AdwCleaner v3.019 - Bericht erstellt am 18/02/2014 um 15:42:51
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : r - PC
# Gestartet von : C:\Users\r\Downloads\adwcleaner_3.0.1.9.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\r\AppData\Local\genienext
Ordner Gelöscht : C:\Users\r\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\r\Documents\Mobogenie

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\r\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKCU\Software\caphyon
Schlüssel Gelöscht : HKLM\Software\caphyon
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\r\AppData\roaming\Mozilla\Firefox\Profiles\wxddxnol.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [13476 octets] - [11/02/2014 11:35:41]
AdwCleaner[R1].txt - [1300 octets] - [17/02/2014 10:59:44]
AdwCleaner[R2].txt - [3830 octets] - [18/02/2014 15:40:03]
AdwCleaner[S0].txt - [13256 octets] - [11/02/2014 11:36:27]
AdwCleaner[S1].txt - [1361 octets] - [17/02/2014 11:00:22]
AdwCleaner[S2].txt - [2983 octets] - [18/02/2014 15:42:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3043 octets] ##########
SC Cleaner ohne Befund
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by r on 18.02.2014 at 16:21:07,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\RENA321.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENA322.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENA361.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENA362.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENA363.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENAA58.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENAA59.tmp
Successfully deleted: [File] C:\Windows\syswow64\RENAA5A.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\r\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\r\AppData\Roaming\mozilla\firefox\profiles\wxddxnol.default\extensions\staged
Emptied folder: C:\Users\r\AppData\Roaming\mozilla\firefox\profiles\wxddxnol.default\minidumps [84 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.02.2014 at 16:26:45,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST: (Additions kam nicht mehr?)

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by r (administrator) on PC on 18-02-2014 16:47:22
Running from C:\Users\r\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(GFI Software Ltd.) C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe
() C:\Windows\System32\nwtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(SolarWinds) C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [45656 2011-07-17] ()
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-2758990797-477802305-3347868275-1000\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-24] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
URLSearchHook: HKCU - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {BEF961E3-EF8D-441A-9084-5E2DC57B0436} URL = 
SearchScopes: HKCU - {D65B6369-8774-4C5B-8595-C3BDDE73900B} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.mri.bund.de/dana-cached/sc/JuniperSetupClient.cab
Handler: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - C:\Program Files (x86)\LOGIN\LOGINventory5\LoginProtocolHandler.dll (Schmidt's LOGIN GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{7F61B47B-6AD0-4DF2-AD69-1E21255FCA0D}: [NameServer]172.29.65.194,172.29.65.195

FireFox:
========
FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "ftp", "195.68.150.50"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "195.68.150.50"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.68.150.50"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "195.68.150.50"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\nptcl31.dll (ActiveState Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\pluginhostctrl.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lightning Speed Dial - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\lightningnewtab@gmail.com [2014-02-17]
FF Extension: DownloadHelper - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-12]
FF Extension: Extension_Protected - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-07]
FF Extension: Stealthy - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\stealthyextension@gmail.com.xpi [2011-04-08]
FF Extension: WorldIP - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2012-06-14]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439} [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439} [2014-02-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Download Protect) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\demhbiiflflpchkfpekojbmiolpkpjdk [2014-02-10]
CHR Extension: (Download Protect) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimnngjpfeanaheehdpfondeelejcddd [2014-02-06]
CHR Extension: (Google Wallet) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [135536 2013-08-09] (GFI Software Development Ltd.)
S4 gfi_lanss9_attservice; C:\Program Files (x86)\GFI\LANguard 9\lnssatt.exe [329144 2010-11-13] (GFI Software Ltd.)
R2 GFI_ReportCenter35; C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [111912 2009-06-16] (GFI Software Ltd.)
S2 HPWJAService; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [45056 2011-07-14] (Hewlett-Packard Development Company, L.P.)
R2 HPWSProAdapter; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe [9728 2011-06-29] (Hewlett-Packard)
R2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-11-08] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-11-08] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-11-08] (Symantec Corporation)
R2 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe [60928 2012-12-10] (SolarWinds)
S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [19544 2011-07-17] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
S3 AtiDCM; C:\ATI\Support\11-8_vista64_win7_64_dd_ccc_ocl\Bin64\atdcm64a.sys [26752 2011-07-28] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx64.sys [1526488 2014-01-14] (Symantec Corporation)
R1 ccSettings_{B1B5C4BC-65F0-4679-B31C-7B031940DC2E}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-11-08] (Symantec Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140217.011\IDSvia64.sys [521944 2014-02-17] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140217.066\ENG64.SYS [126040 2014-02-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140217.066\EX64.SYS [2099288 2014-02-17] (Symantec Corporation)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113240 2011-07-17] ()
S3 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [106072 2011-07-17] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [89688 2011-07-17] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119384 2011-07-17] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26200 2011-07-17] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31320 2011-07-17] (Novell, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-02-08] (CACE Technologies)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-08-29] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-08-29] (RapidSolution Software AG)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-19] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-11-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-11-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-11-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-11-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-11-08] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-11-08] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2011-05-30] (Microsoft Corporation)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [79448 2011-07-17] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [77912 2011-07-17] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49240 2011-07-17] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19544 2011-07-17] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83032 2011-07-17] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39000 2011-07-17] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55896 2011-07-17] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [33880 2011-07-17] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25176 2011-07-17] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35928 2011-07-17] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [58456 2011-07-17] (Novell, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 oodiseml; \??\C:\Users\r\AppData\Local\Temp\OOBPSFXDE\oodiseml64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-18 16:28 - 2014-02-18 16:28 - 00001566 _____ () C:\Users\r\Downloads\JRT.txt
2014-02-18 16:26 - 2014-02-18 16:26 - 00001566 _____ () C:\Users\r\Desktop\JRT.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00003112 _____ () C:\Users\r\Downloads\AdwCleaner[S2].txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00001772 _____ () C:\sc-cleaner.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 15:42 - 2014-02-18 15:42 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\sc-cleaner.exe
2014-02-18 15:41 - 2014-02-18 15:42 - 01037530 _____ (Thisisu) C:\Users\r\Downloads\JRT.exe
2014-02-18 15:39 - 2014-02-18 15:39 - 01241888 _____ () C:\Users\r\Downloads\adwcleaner_3.0.1.9.exe
2014-02-18 12:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-02-18 12:01 - 2014-02-18 12:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-18 12:01 - 2014-02-18 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 12:01 - 2014-02-18 12:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 12:01 - 2014-02-18 12:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-18 12:01 - 2014-02-18 12:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-18 12:01 - 2014-02-18 12:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-18 12:01 - 2014-02-18 12:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-18 12:01 - 2014-02-18 12:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-18 12:01 - 2014-02-18 12:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-18 12:01 - 2014-02-18 12:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-18 12:01 - 2014-02-18 12:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-18 10:31 - 2014-02-18 10:47 - 00044669 _____ () C:\Users\r\Downloads\Addition.txt
2014-02-18 10:30 - 2014-02-18 16:47 - 00024195 _____ () C:\Users\r\Downloads\FRST.txt
2014-02-18 10:30 - 2014-02-18 16:47 - 00000000 ____D () C:\FRST
2014-02-18 10:29 - 2014-02-18 10:29 - 02152448 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe
2014-02-17 11:20 - 2013-11-27 00:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-17 11:20 - 2013-11-26 23:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-17 11:15 - 2014-02-17 11:16 - 00000000 ___SD () C:\ComboFix
2014-02-17 10:28 - 2014-02-17 10:28 - 00000000 ____D () C:\Users\r\AppData\Local\Juniper Networks
2014-02-17 07:44 - 2014-02-17 07:44 - 00031701 _____ () C:\ComboFix.txt
2014-02-12 13:07 - 2014-02-18 12:04 - 00015416 _____ () C:\Windows\IE11_main.log
2014-02-12 10:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-12 10:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-12 10:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-12 10:21 - 2014-02-17 11:15 - 00000000 ____D () C:\Qoobox
2014-02-12 10:21 - 2014-02-17 10:40 - 00000000 ____D () C:\Windows\erdnt
2014-02-12 10:20 - 2014-02-12 10:20 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64-31163.exe
2014-02-12 10:19 - 2014-02-12 10:19 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64.exe
2014-02-12 10:18 - 2014-02-12 10:21 - 05180679 ____R (Swearware) C:\Users\r\Downloads\ComboFix.exe
2014-02-12 10:18 - 2014-02-12 10:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill.exe
2014-02-12 08:36 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-12 08:36 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 08:36 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-12 08:36 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-12 08:36 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-12 08:36 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-12 08:36 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-12 08:36 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-12 08:36 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-12 08:36 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-12 08:36 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-12 08:36 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-12 08:36 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-12 08:36 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-12 08:36 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-12 08:36 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-12 08:15 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:15 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:15 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:15 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:15 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:15 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:15 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:15 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:15 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:15 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:15 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:15 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:15 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:15 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:15 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 08:15 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-12 08:15 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-11 11:53 - 2014-02-11 11:53 - 01259653 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\chpe6224_6226vstw7-medion-olli.exe
2014-02-11 11:52 - 2014-02-11 12:22 - 346987473 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\wlane6224_6226vstw7-medion-olli.exe
2014-02-11 11:35 - 2014-02-18 15:43 - 00000000 ____D () C:\AdwCleaner
2014-02-10 09:03 - 2014-02-10 09:03 - 00000600 _____ () C:\Users\r\AppData\Local\PUTTY.RND
2014-02-07 14:25 - 2014-02-07 14:28 - 00000000 ____D () C:\Users\r\Documents\oki-5450
2014-02-07 12:26 - 2014-02-07 12:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-02-07 11:59 - 2014-02-11 11:32 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-02-07 11:59 - 2014-02-07 11:59 - 00000000 ____D () C:\Users\r\AppData\Roaming\MiniGet
2014-02-07 11:56 - 2014-02-07 12:00 - 00000000 ____D () C:\Users\r\AppData\Local\cache
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\.android
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 _____ () C:\Users\r\daemonprocess.txt
2014-02-05 16:50 - 2014-02-05 16:50 - 00001903 _____ () C:\Users\r\Downloads\config1 (1).pcc
2014-02-05 15:53 - 2014-02-05 15:53 - 03640370 _____ () C:\Users\r\Downloads\2510G-Software-Y1144.zip
2014-02-05 15:26 - 2014-02-05 15:27 - 00000000 ____D () C:\TFTP-Root
2014-02-05 15:26 - 2014-02-05 15:26 - 00002227 _____ () C:\Users\r\Desktop\TFTP Server.lnk
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Local\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:26 - 00000000 ____D () C:\ProgramData\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:25 - 01292454 _____ () C:\Users\r\Downloads\solarwinds-tftp-server.zip
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D () C:\Users\r\AppData\Local\Applications
2014-02-05 15:13 - 2014-02-05 15:13 - 00000987 _____ () C:\Users\r\Desktop\PuTTY.lnk
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-05 15:12 - 2014-02-05 15:12 - 01869122 _____ (Simon Tatham ) C:\Users\r\Downloads\putty-0.63-installer.exe
2014-02-05 15:09 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Desktop\putty_0.63.exe
2014-02-05 15:08 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Downloads\putty_0.63.exe
2014-02-05 14:50 - 2014-02-05 14:50 - 00238929 _____ () C:\Users\r\Downloads\termv19b.zip
2014-01-31 10:55 - 2014-01-31 10:55 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-31 10:55 - 2014-01-31 10:55 - 00000000 ____D () C:\Program Files\Java
2014-01-30 16:25 - 2014-01-30 16:26 - 14886828 _____ () C:\Users\r\Downloads\yl-zl-6600-3500-Software-K.15.13.0005.zip
2014-01-29 12:16 - 2014-01-29 12:16 - 00000000 ____D () C:\Users\r\Downloads\symantec-cleaner
2014-01-28 09:58 - 2014-01-28 09:59 - 00001948 _____ () C:\Users\r\Downloads\switch200-61.txt
2014-01-28 09:49 - 2014-01-28 09:49 - 00001919 _____ () C:\Users\r\Downloads\config1.pcc
2014-01-28 09:44 - 2014-01-28 09:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-28 09:42 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 09:42 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 09:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-28 09:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 09:39 - 2014-01-28 09:42 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 08:19 - 2014-01-28 08:19 - 00096037 _____ () C:\Users\r\Downloads\FW-Kiel-2014-01.txt
2014-01-22 09:02 - 2014-01-22 09:02 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Users\r\AppData\Roaming\Malwarebytes
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 09:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-21 08:35 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-21 08:35 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-20 16:34 - 2014-01-20 16:34 - 53266432 _____ () C:\Users\r\Downloads\R113P_RK11_RCD_Express_ea_2011-04-28_15-03-47.iso
2014-01-20 16:12 - 2014-01-20 16:16 - 51869728 _____ () C:\Users\r\Downloads\rk_free.exe
2014-01-20 16:07 - 2014-01-20 16:11 - 153114624 _____ () C:\Users\r\Downloads\Trinity_Rescue_Kit_3.4_PC-WELT-Edition.iso
2014-01-20 16:05 - 2014-01-20 16:07 - 17954672 _____ (EaseUS ) C:\Users\r\Downloads\partition_recovery_5.6.1.exe

==================== One Month Modified Files and Folders =======

2014-02-18 16:47 - 2014-02-18 10:30 - 00024195 _____ () C:\Users\r\Downloads\FRST.txt
2014-02-18 16:47 - 2014-02-18 10:30 - 00000000 ____D () C:\FRST
2014-02-18 16:45 - 2009-07-14 05:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 16:45 - 2009-07-14 05:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 16:43 - 2009-07-14 06:10 - 01542678 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 16:37 - 2012-11-30 12:04 - 00000000 ____D () C:\Users\r\.rainlendar2
2014-02-18 16:35 - 2013-01-30 08:06 - 00023599 _____ () C:\Windows\setupact.log
2014-02-18 16:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 16:29 - 2012-12-04 08:50 - 00000000 ____D () C:\Windows\pss
2014-02-18 16:28 - 2014-02-18 16:28 - 00001566 _____ () C:\Users\r\Downloads\JRT.txt
2014-02-18 16:26 - 2014-02-18 16:26 - 00001566 _____ () C:\Users\r\Desktop\JRT.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00003112 _____ () C:\Users\r\Downloads\AdwCleaner[S2].txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00001772 _____ () C:\sc-cleaner.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 16:12 - 2010-12-03 09:23 - 00001427 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-18 15:50 - 2010-11-10 17:38 - 00000000 ____D () C:\Windows\Panther
2014-02-18 15:45 - 2013-05-27 13:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 15:45 - 2013-02-06 14:25 - 01252560 _____ () C:\Windows\PFRO.log
2014-02-18 15:43 - 2014-02-11 11:35 - 00000000 ____D () C:\AdwCleaner
2014-02-18 15:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-18 15:42 - 2014-02-18 15:42 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\sc-cleaner.exe
2014-02-18 15:42 - 2014-02-18 15:41 - 01037530 _____ (Thisisu) C:\Users\r\Downloads\JRT.exe
2014-02-18 15:39 - 2014-02-18 15:39 - 01241888 _____ () C:\Users\r\Downloads\adwcleaner_3.0.1.9.exe
2014-02-18 12:06 - 2011-03-15 08:43 - 00003097 _____ () C:\Users\r\Desktop\netzliste-lokal-gekürzt.txt
2014-02-18 12:04 - 2014-02-12 13:07 - 00015416 _____ () C:\Windows\IE11_main.log
2014-02-18 12:04 - 2013-05-27 13:30 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-18 12:04 - 2012-03-30 06:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-18 12:04 - 2011-05-17 07:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 12:04 - 2010-12-14 15:15 - 00000000 ____D () C:\Windows\Patches
2014-02-18 12:01 - 2014-02-18 12:01 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-18 12:01 - 2014-02-18 12:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 12:01 - 2014-02-18 12:01 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 12:01 - 2014-02-18 12:01 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-18 12:01 - 2014-02-18 12:01 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-18 12:01 - 2014-02-18 12:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-18 12:01 - 2014-02-18 12:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-18 12:01 - 2014-02-18 12:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-18 12:01 - 2014-02-18 12:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-18 12:01 - 2014-02-18 12:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-18 12:01 - 2014-02-18 12:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-18 12:01 - 2014-02-18 12:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-18 12:01 - 2014-02-18 12:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-18 11:28 - 2010-12-22 12:42 - 00000000 ____D () C:\ProgramData\Symantec
2014-02-18 10:50 - 2011-08-30 10:00 - 00000000 ____D () C:\Users\r\Documents\Outlook-Dateien
2014-02-18 10:47 - 2014-02-18 10:31 - 00044669 _____ () C:\Users\r\Downloads\Addition.txt
2014-02-18 10:29 - 2014-02-18 10:29 - 02152448 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe
2014-02-17 15:51 - 2011-01-14 10:45 - 00000000 ____D () C:\Program Files (x86)\Look@LAN
2014-02-17 15:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 11:16 - 2014-02-17 11:15 - 00000000 ___SD () C:\ComboFix
2014-02-17 11:15 - 2014-02-12 10:21 - 00000000 ____D () C:\Qoobox
2014-02-17 10:57 - 2013-01-29 09:19 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-02-17 10:46 - 2013-09-12 11:31 - 00000000 ____D () C:\Users\MSSQLSERVER
2014-02-17 10:45 - 2010-12-03 09:22 - 00000000 ____D () C:\Users\r
2014-02-17 10:43 - 2013-10-30 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 10:43 - 2011-10-10 08:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Juniper Networks
2014-02-17 10:43 - 2011-10-04 08:00 - 00000000 ____D () C:\Users\DefaultAppPool
2014-02-17 10:43 - 2011-08-31 13:43 - 00000000 ____D () C:\Windows\Minidump
2014-02-17 10:43 - 2011-05-06 11:56 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-02-17 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-17 10:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-17 10:41 - 2011-11-29 15:14 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-17 10:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-02-17 10:40 - 2014-02-12 10:21 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 10:40 - 2011-05-06 11:35 - 00000000 ____D () C:\inetpub
2014-02-17 10:40 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-17 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-17 10:28 - 2014-02-17 10:28 - 00000000 ____D () C:\Users\r\AppData\Local\Juniper Networks
2014-02-17 09:53 - 2013-09-12 08:40 - 00000000 ____D () C:\Users\r\AppData\Local\CrashDumps
2014-02-17 09:48 - 2010-12-03 14:07 - 00002332 ____H () C:\Users\r\Documents\Default.rdp
2014-02-17 07:44 - 2014-02-17 07:44 - 00031701 _____ () C:\ComboFix.txt
2014-02-12 15:55 - 2009-07-14 03:34 - 16515072 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 128188416 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 02883584 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-12 10:21 - 2014-02-12 10:18 - 05180679 ____R (Swearware) C:\Users\r\Downloads\ComboFix.exe
2014-02-12 10:20 - 2014-02-12 10:20 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64-31163.exe
2014-02-12 10:19 - 2014-02-12 10:19 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64.exe
2014-02-12 10:18 - 2014-02-12 10:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill.exe
2014-02-12 08:39 - 2011-05-11 07:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 08:38 - 2013-07-11 06:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 08:37 - 2010-12-03 10:12 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 08:29 - 2011-05-06 11:36 - 02421844 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 08:29 - 2009-07-14 18:58 - 01019824 _____ () C:\Windows\system32\perfh007.dat
2014-02-12 08:29 - 2009-07-14 18:58 - 00265030 _____ () C:\Windows\system32\perfc007.dat
2014-02-12 08:28 - 2009-07-14 06:13 - 02421844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 08:20 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-11 12:22 - 2014-02-11 11:52 - 346987473 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\wlane6224_6226vstw7-medion-olli.exe
2014-02-11 11:53 - 2014-02-11 11:53 - 01259653 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\chpe6224_6226vstw7-medion-olli.exe
2014-02-11 11:32 - 2014-02-07 11:59 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-02-10 09:12 - 2013-10-07 11:09 - 00002330 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-10 09:12 - 2011-03-03 09:33 - 00001081 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 09:03 - 2014-02-10 09:03 - 00000600 _____ () C:\Users\r\AppData\Local\PUTTY.RND
2014-02-07 14:28 - 2014-02-07 14:25 - 00000000 ____D () C:\Users\r\Documents\oki-5450
2014-02-07 12:26 - 2014-02-07 12:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-02-07 12:26 - 2012-12-17 14:14 - 00002191 _____ () C:\Users\r\Desktop\Symantec Endpoint Protection Manager-Remote-Konsole.lnk
2014-02-07 12:00 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\AppData\Local\cache
2014-02-07 11:59 - 2014-02-07 11:59 - 00000000 ____D () C:\Users\r\AppData\Roaming\MiniGet
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\.android
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 _____ () C:\Users\r\daemonprocess.txt
2014-02-07 10:01 - 2011-03-07 09:41 - 00004057 _____ () C:\Users\r\Desktop\netzliste-lokal.txt
2014-02-06 12:05 - 2013-06-26 07:33 - 00001931 _____ () C:\Users\r\Desktop\switch-61.txt
2014-02-05 16:50 - 2014-02-05 16:50 - 00001903 _____ () C:\Users\r\Downloads\config1 (1).pcc
2014-02-05 15:53 - 2014-02-05 15:53 - 03640370 _____ () C:\Users\r\Downloads\2510G-Software-Y1144.zip
2014-02-05 15:27 - 2014-02-05 15:26 - 00000000 ____D () C:\TFTP-Root
2014-02-05 15:26 - 2014-02-05 15:26 - 00002227 _____ () C:\Users\r\Desktop\TFTP Server.lnk
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Local\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:25 - 00000000 ____D () C:\ProgramData\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:25 - 01292454 _____ () C:\Users\r\Downloads\solarwinds-tftp-server.zip
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D () C:\Users\r\AppData\Local\Applications
2014-02-05 15:13 - 2014-02-05 15:13 - 00000987 _____ () C:\Users\r\Desktop\PuTTY.lnk
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-05 15:12 - 2014-02-05 15:12 - 01869122 _____ (Simon Tatham ) C:\Users\r\Downloads\putty-0.63-installer.exe
2014-02-05 15:08 - 2014-02-05 15:09 - 00495616 _____ (Simon Tatham) C:\Users\r\Desktop\putty_0.63.exe
2014-02-05 15:08 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Downloads\putty_0.63.exe
2014-02-05 14:50 - 2014-02-05 14:50 - 00238929 _____ () C:\Users\r\Downloads\termv19b.zip
2014-02-03 11:54 - 2012-09-27 08:28 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-03 11:54 - 2012-09-27 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-03 08:47 - 2013-09-12 09:41 - 00024170 _____ () C:\Users\r\Documents\photovoltaik.xlsx
2014-02-03 08:42 - 2013-12-12 13:51 - 00010153 _____ () C:\Users\r\Documents\recyclingpreise.xlsx
2014-01-31 10:55 - 2014-01-31 10:55 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-31 10:55 - 2014-01-31 10:55 - 00000000 ____D () C:\Program Files\Java
2014-01-30 16:26 - 2014-01-30 16:25 - 14886828 _____ () C:\Users\r\Downloads\yl-zl-6600-3500-Software-K.15.13.0005.zip
2014-01-29 12:16 - 2014-01-29 12:16 - 00000000 ____D () C:\Users\r\Downloads\symantec-cleaner
2014-01-28 15:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-28 09:59 - 2014-01-28 09:58 - 00001948 _____ () C:\Users\r\Downloads\switch200-61.txt
2014-01-28 09:49 - 2014-01-28 09:49 - 00001919 _____ () C:\Users\r\Downloads\config1.pcc
2014-01-28 09:44 - 2014-01-28 09:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-28 09:42 - 2014-01-28 09:39 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 09:42 - 2013-06-24 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-28 08:19 - 2014-01-28 08:19 - 00096037 _____ () C:\Users\r\Downloads\FW-Kiel-2014-01.txt
2014-01-27 10:15 - 2013-07-01 13:08 - 00002522 _____ () C:\Users\r\AppData\Local\RAExpertHistory.xml
2014-01-22 09:02 - 2014-01-22 09:02 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Users\r\AppData\Roaming\Malwarebytes
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 09:02 - 2013-11-13 08:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\r\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-21 08:52 - 2009-07-14 05:45 - 00434392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 16:34 - 2014-01-20 16:34 - 53266432 _____ () C:\Users\r\Downloads\R113P_RK11_RCD_Express_ea_2011-04-28_15-03-47.iso
2014-01-20 16:16 - 2014-01-20 16:12 - 51869728 _____ () C:\Users\r\Downloads\rk_free.exe
2014-01-20 16:11 - 2014-01-20 16:07 - 153114624 _____ () C:\Users\r\Downloads\Trinity_Rescue_Kit_3.4_PC-WELT-Edition.iso
2014-01-20 16:07 - 2014-01-20 16:05 - 17954672 _____ (EaseUS ) C:\Users\r\Downloads\partition_recovery_5.6.1.exe

Some content of TEMP:
====================
C:\Users\r\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 13:46

==================== End Of Log ============================
--- --- ---

--- --- ---


Viele Grüße,

Andreas

Alt 19.02.2014, 15:20   #5
schrauber
/// the machine
/// TB-Ausbilder
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.02.2014, 08:17   #6
Andreas-Kiel
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Hallo Schrauber,

alles klar, mache ich.

Eset Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=505c6d246693ad44a1dcd5028c185870
# engine=17135
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-19 09:07:23
# local_time=2014-02-19 10:07:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 19407122 144473893 0 0
# scanned=298002
# found=4
# cleaned=0
# scan_time=23612
sh=E0512DE35BD30DEC663816DBD743C8C685CD13B3 ft=1 fh=26697ac7c9021bff vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\r\Downloads\vlc-2.1.0-win32.exe"
sh=9C860E0B0EAFF9D2912642BC3940BA098C00BBCE ft=1 fh=41f2b86635803f1b vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\r\Downloads\vlc-2.1.0-win64.exe"
sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\r\Downloads\vlc-2.1.3-win32.exe"
sh=273A2A936AEC8B68DE2329EF69996F616B0D757E ft=1 fh=6e75ff11b16007d4 vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\r\Downloads\vlc-2.1.3-win64.exe"

Security Check Log:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
Viele Grüße,

Andreas

Alt 20.02.2014, 14:45   #7
schrauber
/// the machine
/// TB-Ausbilder
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


VLC Download kannste löschen. Frisches FRST fehlt noch.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.02.2014, 15:32   #8
Andreas-Kiel
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Hi Schrauber,

alles klar, mache ich.

Was ist denn von der Trojan Meldung bzgl. der VLC´s zu halten?
Die VLC´hatte ich mir direkt von der Herstellerseite heruntergeladen. Sind denn die Originalfiles befallen?

frisches FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by r (administrator) on PC on 20-02-2014 15:04:41
Running from C:\Users\r\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(GFI Software Ltd.) C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Apache Software Foundation) C:\Program Files (x86)\GFI\LanGuard 11 Agent\Httpd\bin\httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\GFI\LanGuard 11 Agent\Httpd\bin\httpd.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(SolarWinds) C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
() C:\Windows\System32\nwtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Farbar) C:\Users\r\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [45656 2011-07-17] ()
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-2758990797-477802305-3347868275-1000\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-24] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de
URLSearchHook: HKCU - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {BEF961E3-EF8D-441A-9084-5E2DC57B0436} URL = 
SearchScopes: HKCU - {D65B6369-8774-4C5B-8595-C3BDDE73900B} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.mri.bund.de/dana-cached/sc/JuniperSetupClient.cab
Handler: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - C:\Program Files (x86)\LOGIN\LOGINventory5\LoginProtocolHandler.dll (Schmidt's LOGIN GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{7F61B47B-6AD0-4DF2-AD69-1E21255FCA0D}: [NameServer]172.29.65.194,172.29.65.195

FireFox:
========
FF ProfilePath: C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "ftp", "195.68.150.50"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "195.68.150.50"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.68.150.50"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "195.68.150.50"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\nptcl31.dll (ActiveState Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\pluginhostctrl.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\lightningnewtab@gmail.com [2014-02-19]
FF Extension: DownloadHelper - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-12]
FF Extension: Extension_Protected - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-07]
FF Extension: Stealthy - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\stealthyextension@gmail.com.xpi [2011-04-08]
FF Extension: WorldIP - C:\Users\r\AppData\Roaming\Mozilla\Firefox\Profiles\wxddxnol.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2012-06-14]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439} [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{68F9AD69-B12D-4C6C-8427-AAC1ED4E8439} [2014-02-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Download Protect) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\demhbiiflflpchkfpekojbmiolpkpjdk [2014-02-10]
CHR Extension: (Download Protect) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimnngjpfeanaheehdpfondeelejcddd [2014-02-06]
CHR Extension: (Google Wallet) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [135536 2013-08-09] (GFI Software Development Ltd.)
S4 gfi_lanss9_attservice; C:\Program Files (x86)\GFI\LANguard 9\lnssatt.exe [329144 2010-11-13] (GFI Software Ltd.)
R2 GFI_ReportCenter35; C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [111912 2009-06-16] (GFI Software Ltd.)
R2 HPWJAService; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [45056 2011-07-14] (Hewlett-Packard Development Company, L.P.)
R2 HPWSProAdapter; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe [9728 2011-06-29] (Hewlett-Packard)
R2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-11-08] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-11-08] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-11-08] (Symantec Corporation)
R2 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe [60928 2012-12-10] (SolarWinds)
S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [19544 2011-07-17] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
S3 AtiDCM; C:\ATI\Support\11-8_vista64_win7_64_dd_ccc_ocl\Bin64\atdcm64a.sys [26752 2011-07-28] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx64.sys [1526488 2014-01-14] (Symantec Corporation)
R1 ccSettings_{B1B5C4BC-65F0-4679-B31C-7B031940DC2E}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-11-08] (Symantec Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140219.011\IDSvia64.sys [521944 2014-02-17] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140219.033\ENG64.SYS [126040 2014-02-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140219.033\EX64.SYS [2099288 2014-02-17] (Symantec Corporation)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113240 2011-07-17] ()
R3 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [106072 2011-07-17] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [89688 2011-07-17] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119384 2011-07-17] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26200 2011-07-17] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31320 2011-07-17] (Novell, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-02-08] (CACE Technologies)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-08-29] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-08-29] (RapidSolution Software AG)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-19] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-11-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-11-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-11-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-11-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-11-08] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-11-08] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2011-05-30] (Microsoft Corporation)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [34392 2011-07-17] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [79448 2011-07-17] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [77912 2011-07-17] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [90712 2011-07-17] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49240 2011-07-17] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19544 2011-07-17] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83032 2011-07-17] (Novell, Inc.)
U3 nds4; C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys [128088 2011-07-17] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39000 2011-07-17] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55896 2011-07-17] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [33880 2011-07-17] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25176 2011-07-17] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35928 2011-07-17] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [58456 2011-07-17] (Novell, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 oodiseml; \??\C:\Users\r\AppData\Local\Temp\OOBPSFXDE\oodiseml64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 15:03 - 2014-02-20 15:04 - 02153472 _____ (Farbar) C:\Users\r\Downloads\FRST64(1).exe
2014-02-20 12:17 - 2014-02-20 12:18 - 00276424 _____ () C:\Windows\Minidump\022014-101977-01.dmp
2014-02-20 08:03 - 2014-02-20 08:02 - 00987425 _____ () C:\Users\r\Desktop\SecurityCheck.exe
2014-02-20 08:02 - 2014-02-20 08:02 - 00987425 _____ () C:\Users\r\Downloads\SecurityCheck.exe
2014-02-19 15:26 - 2014-02-19 15:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-19 15:25 - 2014-02-19 15:25 - 02347384 _____ (ESET) C:\Users\r\Downloads\esetsmartinstaller_enu.exe
2014-02-19 12:04 - 2014-02-19 12:05 - 04721920 _____ (Piriform Ltd) C:\Users\r\Downloads\ccsetup410.exe
2014-02-19 11:57 - 2014-02-19 11:59 - 25889832 _____ () C:\Users\r\Downloads\vlc-2.1.3-win64.exe
2014-02-19 11:57 - 2014-02-19 11:59 - 25531584 _____ () C:\Users\r\Downloads\vlc-2.1.3-win32.exe
2014-02-19 11:55 - 2014-02-19 11:56 - 00000000 ____D () C:\Users\r\AppData\Roaming\vlc
2014-02-19 11:55 - 2014-02-19 11:55 - 00000877 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-19 11:54 - 2014-02-19 11:54 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-18 16:28 - 2014-02-18 16:28 - 00001566 _____ () C:\Users\r\Downloads\JRT.txt
2014-02-18 16:26 - 2014-02-18 16:26 - 00001566 _____ () C:\Users\r\Desktop\JRT.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00003112 _____ () C:\Users\r\Downloads\AdwCleaner[S2].txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00001772 _____ () C:\sc-cleaner.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 15:42 - 2014-02-18 15:42 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\sc-cleaner.exe
2014-02-18 15:41 - 2014-02-18 15:42 - 01037530 _____ (Thisisu) C:\Users\r\Downloads\JRT.exe
2014-02-18 15:39 - 2014-02-18 15:39 - 01241888 _____ () C:\Users\r\Downloads\adwcleaner_3.0.1.9.exe
2014-02-18 12:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-02-18 10:31 - 2014-02-18 10:47 - 00044669 _____ () C:\Users\r\Downloads\Addition.txt
2014-02-18 10:30 - 2014-02-20 15:04 - 00025510 _____ () C:\Users\r\Downloads\FRST.txt
2014-02-18 10:30 - 2014-02-20 15:04 - 00000000 ____D () C:\FRST
2014-02-18 10:29 - 2014-02-18 10:29 - 02152448 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe
2014-02-17 11:20 - 2013-11-27 00:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-17 11:20 - 2013-11-26 23:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-17 11:15 - 2014-02-17 11:16 - 00000000 ___SD () C:\ComboFix
2014-02-17 10:28 - 2014-02-17 10:28 - 00000000 ____D () C:\Users\r\AppData\Local\Juniper Networks
2014-02-17 07:44 - 2014-02-17 07:44 - 00031701 _____ () C:\ComboFix.txt
2014-02-12 13:07 - 2014-02-18 12:04 - 00015416 _____ () C:\Windows\IE11_main.log
2014-02-12 10:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-12 10:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-12 10:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-12 10:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-12 10:21 - 2014-02-17 11:15 - 00000000 ____D () C:\Qoobox
2014-02-12 10:21 - 2014-02-17 10:40 - 00000000 ____D () C:\Windows\erdnt
2014-02-12 10:20 - 2014-02-12 10:20 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64-31163.exe
2014-02-12 10:19 - 2014-02-12 10:19 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64.exe
2014-02-12 10:18 - 2014-02-12 10:21 - 05180679 ____R (Swearware) C:\Users\r\Downloads\ComboFix.exe
2014-02-12 10:18 - 2014-02-12 10:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill.exe
2014-02-12 08:36 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-12 08:36 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 08:36 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-12 08:36 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-12 08:36 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-12 08:36 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-12 08:36 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-12 08:36 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-12 08:36 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-12 08:36 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-12 08:36 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-12 08:36 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-12 08:36 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-12 08:36 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-12 08:36 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-12 08:36 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-12 08:24 - 2013-12-21 10:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 08:24 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 08:23 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 08:23 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 08:23 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 08:23 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 08:23 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 08:23 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 08:23 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 08:23 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 08:23 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 08:23 - 2014-02-01 07:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-12 08:23 - 2014-02-01 07:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-12 08:15 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:15 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:15 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:15 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:15 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:15 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:15 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:15 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:15 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:15 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:15 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:15 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:15 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:15 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:15 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:15 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:15 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 08:15 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-12 08:15 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-11 11:53 - 2014-02-11 11:53 - 01259653 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\chpe6224_6226vstw7-medion-olli.exe
2014-02-11 11:52 - 2014-02-11 12:22 - 346987473 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\wlane6224_6226vstw7-medion-olli.exe
2014-02-11 11:35 - 2014-02-18 15:43 - 00000000 ____D () C:\AdwCleaner
2014-02-10 09:03 - 2014-02-10 09:03 - 00000600 _____ () C:\Users\r\AppData\Local\PUTTY.RND
2014-02-07 14:25 - 2014-02-07 14:28 - 00000000 ____D () C:\Users\r\Documents\oki-5450
2014-02-07 12:26 - 2014-02-07 12:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-02-07 11:59 - 2014-02-11 11:32 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-02-07 11:59 - 2014-02-07 11:59 - 00000000 ____D () C:\Users\r\AppData\Roaming\MiniGet
2014-02-07 11:56 - 2014-02-07 12:00 - 00000000 ____D () C:\Users\r\AppData\Local\cache
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\.android
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 _____ () C:\Users\r\daemonprocess.txt
2014-02-05 16:50 - 2014-02-05 16:50 - 00001903 _____ () C:\Users\r\Downloads\config1 (1).pcc
2014-02-05 15:53 - 2014-02-05 15:53 - 03640370 _____ () C:\Users\r\Downloads\2510G-Software-Y1144.zip
2014-02-05 15:26 - 2014-02-05 15:27 - 00000000 ____D () C:\TFTP-Root
2014-02-05 15:26 - 2014-02-05 15:26 - 00002227 _____ () C:\Users\r\Desktop\TFTP Server.lnk
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Local\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:26 - 00000000 ____D () C:\ProgramData\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:25 - 01292454 _____ () C:\Users\r\Downloads\solarwinds-tftp-server.zip
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D () C:\Users\r\AppData\Local\Applications
2014-02-05 15:13 - 2014-02-05 15:13 - 00000987 _____ () C:\Users\r\Desktop\PuTTY.lnk
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-05 15:12 - 2014-02-05 15:12 - 01869122 _____ (Simon Tatham ) C:\Users\r\Downloads\putty-0.63-installer.exe
2014-02-05 15:09 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Desktop\putty_0.63.exe
2014-02-05 15:08 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Downloads\putty_0.63.exe
2014-02-05 14:50 - 2014-02-05 14:50 - 00238929 _____ () C:\Users\r\Downloads\termv19b.zip
2014-01-31 10:55 - 2014-01-31 10:55 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-31 10:55 - 2014-01-31 10:55 - 00000000 ____D () C:\Program Files\Java
2014-01-30 16:25 - 2014-01-30 16:26 - 14886828 _____ () C:\Users\r\Downloads\yl-zl-6600-3500-Software-K.15.13.0005.zip
2014-01-29 12:16 - 2014-01-29 12:16 - 00000000 ____D () C:\Users\r\Downloads\symantec-cleaner
2014-01-28 09:58 - 2014-01-28 09:59 - 00001948 _____ () C:\Users\r\Downloads\switch200-61.txt
2014-01-28 09:49 - 2014-01-28 09:49 - 00001919 _____ () C:\Users\r\Downloads\config1.pcc
2014-01-28 09:44 - 2014-01-28 09:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-28 09:42 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 09:42 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 09:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-28 09:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 09:39 - 2014-01-28 09:42 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 08:19 - 2014-01-28 08:19 - 00096037 _____ () C:\Users\r\Downloads\FW-Kiel-2014-01.txt
2014-01-22 09:02 - 2014-01-22 09:02 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Users\r\AppData\Roaming\Malwarebytes
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 09:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-21 08:35 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-21 08:35 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-21 08:35 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-20 15:04 - 2014-02-20 15:03 - 02153472 _____ (Farbar) C:\Users\r\Downloads\FRST64(1).exe
2014-02-20 15:04 - 2014-02-18 10:30 - 00025510 _____ () C:\Users\r\Downloads\FRST.txt
2014-02-20 15:04 - 2014-02-18 10:30 - 00000000 ____D () C:\FRST
2014-02-20 14:43 - 2009-07-14 18:58 - 01019824 _____ () C:\Windows\system32\perfh007.dat
2014-02-20 14:43 - 2009-07-14 18:58 - 00265030 _____ () C:\Windows\system32\perfc007.dat
2014-02-20 14:43 - 2009-07-14 06:13 - 02444552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 12:46 - 2012-11-30 12:04 - 00000000 ____D () C:\Users\r\.rainlendar2
2014-02-20 12:28 - 2009-07-14 05:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 12:28 - 2009-07-14 05:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 12:25 - 2009-07-14 06:10 - 01677582 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 12:18 - 2014-02-20 12:17 - 00276424 _____ () C:\Windows\Minidump\022014-101977-01.dmp
2014-02-20 12:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 12:17 - 2013-03-05 14:45 - 878412613 _____ () C:\Windows\MEMORY.DMP
2014-02-20 12:17 - 2013-01-30 08:06 - 00023823 _____ () C:\Windows\setupact.log
2014-02-20 12:17 - 2012-09-18 09:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-02-20 12:17 - 2011-08-31 13:43 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 11:28 - 2013-10-30 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 11:28 - 2013-01-14 11:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-20 11:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-20 11:20 - 2013-12-12 13:51 - 00010370 _____ () C:\Users\r\Documents\recyclingpreise.xlsx
2014-02-20 10:15 - 2011-03-03 09:33 - 00001081 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-20 10:15 - 2010-12-14 15:15 - 00000000 ____D () C:\Windows\Patches
2014-02-20 08:02 - 2014-02-20 08:03 - 00987425 _____ () C:\Users\r\Desktop\SecurityCheck.exe
2014-02-20 08:02 - 2014-02-20 08:02 - 00987425 _____ () C:\Users\r\Downloads\SecurityCheck.exe
2014-02-20 04:05 - 2010-12-22 12:42 - 00000000 ____D () C:\ProgramData\Symantec
2014-02-19 22:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-19 16:49 - 2011-08-30 10:00 - 00000000 ____D () C:\Users\r\Documents\Outlook-Dateien
2014-02-19 15:26 - 2014-02-19 15:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-19 15:25 - 2014-02-19 15:25 - 02347384 _____ (ESET) C:\Users\r\Downloads\esetsmartinstaller_enu.exe
2014-02-19 13:39 - 2012-09-14 09:48 - 00000000 ____D () C:\Users\r\AppData\Roaming\XnView
2014-02-19 12:05 - 2014-02-19 12:04 - 04721920 _____ (Piriform Ltd) C:\Users\r\Downloads\ccsetup410.exe
2014-02-19 11:59 - 2014-02-19 11:57 - 25889832 _____ () C:\Users\r\Downloads\vlc-2.1.3-win64.exe
2014-02-19 11:59 - 2014-02-19 11:57 - 25531584 _____ () C:\Users\r\Downloads\vlc-2.1.3-win32.exe
2014-02-19 11:56 - 2014-02-19 11:55 - 00000000 ____D () C:\Users\r\AppData\Roaming\vlc
2014-02-19 11:55 - 2014-02-19 11:55 - 00000877 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-19 11:54 - 2014-02-19 11:54 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-19 11:54 - 2011-03-15 08:43 - 00002722 _____ () C:\Users\r\Desktop\netzliste-lokal-gekürzt.txt
2014-02-18 16:29 - 2012-12-04 08:50 - 00000000 ____D () C:\Windows\pss
2014-02-18 16:28 - 2014-02-18 16:28 - 00001566 _____ () C:\Users\r\Downloads\JRT.txt
2014-02-18 16:26 - 2014-02-18 16:26 - 00001566 _____ () C:\Users\r\Desktop\JRT.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00003112 _____ () C:\Users\r\Downloads\AdwCleaner[S2].txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00001772 _____ () C:\sc-cleaner.txt
2014-02-18 16:20 - 2014-02-18 16:20 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 16:12 - 2010-12-03 09:23 - 00001427 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-18 15:50 - 2010-11-10 17:38 - 00000000 ____D () C:\Windows\Panther
2014-02-18 15:45 - 2013-05-27 13:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 15:45 - 2013-02-06 14:25 - 01252560 _____ () C:\Windows\PFRO.log
2014-02-18 15:43 - 2014-02-11 11:35 - 00000000 ____D () C:\AdwCleaner
2014-02-18 15:42 - 2014-02-18 15:42 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\sc-cleaner.exe
2014-02-18 15:42 - 2014-02-18 15:41 - 01037530 _____ (Thisisu) C:\Users\r\Downloads\JRT.exe
2014-02-18 15:39 - 2014-02-18 15:39 - 01241888 _____ () C:\Users\r\Downloads\adwcleaner_3.0.1.9.exe
2014-02-18 12:04 - 2014-02-12 13:07 - 00015416 _____ () C:\Windows\IE11_main.log
2014-02-18 12:04 - 2013-05-27 13:30 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-18 12:04 - 2012-03-30 06:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-18 12:04 - 2011-05-17 07:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 10:47 - 2014-02-18 10:31 - 00044669 _____ () C:\Users\r\Downloads\Addition.txt
2014-02-18 10:29 - 2014-02-18 10:29 - 02152448 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe
2014-02-17 15:51 - 2011-01-14 10:45 - 00000000 ____D () C:\Program Files (x86)\Look@LAN
2014-02-17 11:16 - 2014-02-17 11:15 - 00000000 ___SD () C:\ComboFix
2014-02-17 11:15 - 2014-02-12 10:21 - 00000000 ____D () C:\Qoobox
2014-02-17 10:57 - 2013-01-29 09:19 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-02-17 10:46 - 2013-09-12 11:31 - 00000000 ____D () C:\Users\MSSQLSERVER
2014-02-17 10:45 - 2010-12-03 09:22 - 00000000 ____D () C:\Users\r
2014-02-17 10:43 - 2011-10-10 08:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Juniper Networks
2014-02-17 10:43 - 2011-10-04 08:00 - 00000000 ____D () C:\Users\DefaultAppPool
2014-02-17 10:43 - 2011-05-06 11:56 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-02-17 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-17 10:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-17 10:41 - 2011-11-29 15:14 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-17 10:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-02-17 10:40 - 2014-02-12 10:21 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 10:40 - 2011-05-06 11:35 - 00000000 ____D () C:\inetpub
2014-02-17 10:40 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-17 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-17 10:28 - 2014-02-17 10:28 - 00000000 ____D () C:\Users\r\AppData\Local\Juniper Networks
2014-02-17 09:53 - 2013-09-12 08:40 - 00000000 ____D () C:\Users\r\AppData\Local\CrashDumps
2014-02-17 09:48 - 2010-12-03 14:07 - 00002332 ____H () C:\Users\r\Documents\Default.rdp
2014-02-17 07:44 - 2014-02-17 07:44 - 00031701 _____ () C:\ComboFix.txt
2014-02-12 15:55 - 2009-07-14 03:34 - 16515072 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 128188416 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 02883584 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-12 15:55 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-12 10:21 - 2014-02-12 10:18 - 05180679 ____R (Swearware) C:\Users\r\Downloads\ComboFix.exe
2014-02-12 10:20 - 2014-02-12 10:20 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64-31163.exe
2014-02-12 10:19 - 2014-02-12 10:19 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill64.exe
2014-02-12 10:18 - 2014-02-12 10:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\r\Downloads\rkill.exe
2014-02-12 08:39 - 2011-05-11 07:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 08:38 - 2013-07-11 06:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 08:37 - 2010-12-03 10:12 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 08:29 - 2011-05-06 11:36 - 02421844 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 08:20 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-11 12:22 - 2014-02-11 11:52 - 346987473 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\wlane6224_6226vstw7-medion-olli.exe
2014-02-11 11:53 - 2014-02-11 11:53 - 01259653 _____ (SWE Sven Ritter ) C:\Users\r\Downloads\chpe6224_6226vstw7-medion-olli.exe
2014-02-11 11:32 - 2014-02-07 11:59 - 00000000 ____D () C:\Program Files (x86)\MiniGet
2014-02-10 09:12 - 2013-10-07 11:09 - 00002330 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-10 09:03 - 2014-02-10 09:03 - 00000600 _____ () C:\Users\r\AppData\Local\PUTTY.RND
2014-02-07 14:28 - 2014-02-07 14:25 - 00000000 ____D () C:\Users\r\Documents\oki-5450
2014-02-07 12:26 - 2014-02-07 12:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-02-07 12:26 - 2012-12-17 14:14 - 00002191 _____ () C:\Users\r\Desktop\Symantec Endpoint Protection Manager-Remote-Konsole.lnk
2014-02-07 12:00 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\AppData\Local\cache
2014-02-07 11:59 - 2014-02-07 11:59 - 00000000 ____D () C:\Users\r\AppData\Roaming\MiniGet
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 ____D () C:\Users\r\.android
2014-02-07 11:56 - 2014-02-07 11:56 - 00000000 _____ () C:\Users\r\daemonprocess.txt
2014-02-07 10:01 - 2011-03-07 09:41 - 00004057 _____ () C:\Users\r\Desktop\netzliste-lokal.txt
2014-02-06 12:05 - 2013-06-26 07:33 - 00001931 _____ () C:\Users\r\Desktop\switch-61.txt
2014-02-05 16:50 - 2014-02-05 16:50 - 00001903 _____ () C:\Users\r\Downloads\config1 (1).pcc
2014-02-05 15:53 - 2014-02-05 15:53 - 03640370 _____ () C:\Users\r\Downloads\2510G-Software-Y1144.zip
2014-02-05 15:27 - 2014-02-05 15:26 - 00000000 ____D () C:\TFTP-Root
2014-02-05 15:26 - 2014-02-05 15:26 - 00002227 _____ () C:\Users\r\Desktop\TFTP Server.lnk
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Users\r\AppData\Local\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2014-02-05 15:26 - 2014-02-05 15:25 - 00000000 ____D () C:\ProgramData\SolarWinds
2014-02-05 15:25 - 2014-02-05 15:25 - 01292454 _____ () C:\Users\r\Downloads\solarwinds-tftp-server.zip
2014-02-05 15:25 - 2014-02-05 15:25 - 00000000 ____D () C:\Users\r\AppData\Local\Applications
2014-02-05 15:13 - 2014-02-05 15:13 - 00000987 _____ () C:\Users\r\Desktop\PuTTY.lnk
2014-02-05 15:13 - 2014-02-05 15:13 - 00000000 ____D () C:\Program Files (x86)\PuTTY
2014-02-05 15:12 - 2014-02-05 15:12 - 01869122 _____ (Simon Tatham ) C:\Users\r\Downloads\putty-0.63-installer.exe
2014-02-05 15:08 - 2014-02-05 15:09 - 00495616 _____ (Simon Tatham) C:\Users\r\Desktop\putty_0.63.exe
2014-02-05 15:08 - 2014-02-05 15:08 - 00495616 _____ (Simon Tatham) C:\Users\r\Downloads\putty_0.63.exe
2014-02-05 14:50 - 2014-02-05 14:50 - 00238929 _____ () C:\Users\r\Downloads\termv19b.zip
2014-02-03 11:54 - 2012-09-27 08:28 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-03 11:54 - 2012-09-27 08:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-03 08:47 - 2013-09-12 09:41 - 00024170 _____ () C:\Users\r\Documents\photovoltaik.xlsx
2014-02-01 10:20 - 2014-02-12 08:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 08:23 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 08:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 08:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 08:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 08:23 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 08:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 08:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 08:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 07:45 - 2014-02-12 08:23 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-01 07:38 - 2014-02-12 08:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-31 10:55 - 2014-01-31 10:55 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-31 10:55 - 2014-01-31 10:55 - 00000000 ____D () C:\Program Files\Java
2014-01-30 16:26 - 2014-01-30 16:25 - 14886828 _____ () C:\Users\r\Downloads\yl-zl-6600-3500-Software-K.15.13.0005.zip
2014-01-29 12:16 - 2014-01-29 12:16 - 00000000 ____D () C:\Users\r\Downloads\symantec-cleaner
2014-01-28 15:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-28 09:59 - 2014-01-28 09:58 - 00001948 _____ () C:\Users\r\Downloads\switch200-61.txt
2014-01-28 09:49 - 2014-01-28 09:49 - 00001919 _____ () C:\Users\r\Downloads\config1.pcc
2014-01-28 09:44 - 2014-01-28 09:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-28 09:42 - 2014-01-28 09:39 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 09:42 - 2013-06-24 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-28 08:19 - 2014-01-28 08:19 - 00096037 _____ () C:\Users\r\Downloads\FW-Kiel-2014-01.txt
2014-01-27 10:15 - 2013-07-01 13:08 - 00002522 _____ () C:\Users\r\AppData\Local\RAExpertHistory.xml
2014-01-22 09:02 - 2014-01-22 09:02 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Users\r\AppData\Roaming\Malwarebytes
2014-01-22 09:02 - 2014-01-22 09:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 09:02 - 2013-11-13 08:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\r\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-21 08:52 - 2009-07-14 05:45 - 00434392 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\r\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 13:46

==================== End Of Log ============================
--- --- ---


Viele Grüße,

Andreas

Alt 21.02.2014, 11:03   #9
schrauber
/// the machine
/// TB-Ausbilder
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Nein, aber im INstaller von VLS ist Adware mit drin, der die Startseite ändern will. Wenn Du das nicht mitinstallierst ist alles gut


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.02.2014, 13:28   #10
Andreas-Kiel
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Hallo Schrauber,

Defogger hatte ich nicht benutzt, Combofix habe ich nach Anleitung deinstalliert und hinterher auch DelFix durchlaufen lassen.

Leider ist der Fehler, daß Windows bei der Anmeldung immer "Fehlerwiederherstellungsmodus" zeigt, immer noch vorhanden. Ich habe jetzt noch festgestellt, daß unter "Systemsteuerung/System/erweiterte Systemeinstellungen/Starten und Wiederherstellen/Einstellungen bei der Auswahl des Standardbetriebssystemes keins auftaucht, das Fenster bzw. der "Rollbalken" ist leer.

Hast Du sonst noch eine Idee, wie man das beheben kann, bzw. wie Combofix dies erreicht hat? Ich würde sonst eine Reparaturinstallation versuchen, da dies mein "Utility" Rechner ist, wo so viele Spezialprogramme drauf sind, daß eine komplette Neuinstallation sehr, sehr viel Arbeit bedeuten würde.

Ich möchte mich auf jeden Fall für Deine Hilfe sehr bedanken. Für mich ist es eine neue Erfahrung, Hilfe zu bekommen, da ich normalerweise immer Anderen bei Ihren Problemen helfe.

Eine Frage noch zu Deinem Tipp bzgl. Registry Cleanern: Ich gehe mit Deiner Meinung komplett konform, allerdings setze ich seit Jahren ohne Probleme den CCleaner ein (der ja auch eine Registrierungsbereinigung anbietet) und habe nie Probleme damit gehabt. Was hältst Du von dem?

Viele Grüße und ein schönes Wochenende,

Andreas

Alt 22.02.2014, 13:26   #11
schrauber
/// the machine
/// TB-Ausbilder
 
Nach Combofix immer "Fehlerwiederherstellungsmodus" - Standard

Nach Combofix immer "Fehlerwiederherstellungsmodus"


Die Reparaturinstallation kannste auf jeden Fall versuchen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Nach Combofix immer "Fehlerwiederherstellungsmodus"
anmelden, anmeldung, automatischer, awesomehp, awesomehp entfernen, blöde, browser hijacker, ccleaner, combofix, firefox, hijacker, langsam, links, melden, meldung, mobogenie, mobogenie entfernen, nsis/startpage.cc, problem, programme, scan, seite, startup, systemwiederherstellung


« Rechner verlangsamt, sicherheitswarnung trojaner-verdacht | AwesomeHP-Virus eingefangen »


Ähnliche Themen: Nach Combofix immer "Fehlerwiederherstellungsmodus"


  1. Nach Photo Transfer mit "MPE" nach"D", auf "C" ca. 5GB verloren? Rest: 5,6GB auf "C"!
    Alles rund um Windows - 17.04.2016 (21)
  2. win 7 firefox langsam "keine Rückmeldung" immer wieder Meldung "ein skript auf dieser Seite ist eventuell beschädigt...."
    Plagegeister aller Art und deren Bekämpfung - 14.01.2015 (11)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. "Fehler: Server nicht gefunden" immer noch nach "WAJAM.A.1"-Befall
    Plagegeister aller Art und deren Bekämpfung - 05.11.2014 (15)
  5. Drathlosnetzwerkadapter seit letzter Zeit "im Arsch". Problembehandlung "behebt" Problem dann immer?
    Netzwerk und Hardware - 18.09.2014 (4)
  6. Win7 nach AntiVir Funden "TR/Crypt.zpack.Gen7" und "Adspy.Gen2" stark verlangsamt
    Log-Analyse und Auswertung - 13.04.2014 (28)
  7. Windows 7: GoogleChrome Erweiterung "DownSave5.2" taucht nach Löschen immer wieder auf
    Log-Analyse und Auswertung - 10.01.2014 (9)
  8. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  9. Windows XP Nach Installation von HP Player immer zwei Startseiten beim Öffnen von Google chrome "start.iminent.com" und "Search gol"
    Log-Analyse und Auswertung - 08.10.2013 (5)
  10. "BKA-Trojaner": Nach AntiVir-Rescue-Anwendung Rechner immer noch gesperrt
    Plagegeister aller Art und deren Bekämpfung - 15.05.2012 (25)
  11. ComboFix-Logfile nach "System Check"-Malware
    Log-Analyse und Auswertung - 03.03.2012 (5)
  12. Mein Pc ist von einem "TR/Sirefef.BV.2" Virus befallen. Kommt immer wieder auch nach Löschen!
    Log-Analyse und Auswertung - 27.02.2012 (3)
  13. hohe load durch prozess "system" und "explorer.exe" verbindet alleine nach russland
    Plagegeister aller Art und deren Bekämpfung - 08.12.2010 (10)
  14. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  15. Nach "Formatierung" Dateien immer noch vorhanden
    Alles rund um Windows - 17.01.2008 (14)
  16. IE sicherheitszone immer "Arbeitsplatz" anstatt "Internet"
    Plagegeister aller Art und deren Bekämpfung - 01.01.2005 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Nach Combofix immer "Fehlerwiederherstellungsmodus" - Hi Experten, ich habe ein Problem und hoffe, Ihr könnt mir helfen. Ich habe (übrigens immer noch) mir den Browser Hijacker "hxxp://www.awesomehp.com" eingefangen. Noch den ganzen Standardaktionen (Startup überprüft, Links - Nach Combofix immer "Fehlerwiederherstellungsmodus"...
Archiv
Du betrachtest: Nach Combofix immer "Fehlerwiederherstellungsmodus" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19