| |
| |||||||
Log-Analyse und Auswertung: search.conduit (Reste) entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.07.2013, 07:55
| #1 |
| |  search.conduit (Reste) entfernen Hallo, ich habe bei der Wartung des PCs eines Bekannten als Standardsuchmaschine in Firefox die Conduit Search-Engine vorgefunden, die ich daraufhin mit dem Junkware Removal Tool (thisisudax[dot]org) zu entfernen versuchte. Leider finden sich in der Firefox-Konfigurationsdatei immer noch einige Überreste (CT2325506...), da die Logfiles zudem noch weitere dubiose Einträge aufweisen, möchte ich hiermit nun einen echten Experten um Hilfe bei der Systembereinigung bitten. Vielen Dank im Voraus! Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:41 on 30/06/2013 (Sysop)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 30.06.2013 20:56:37 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sysop.Ingo-PC\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,06% Memory free 7,99 Gb Paging File | 6,71 Gb Available in Paging File | 83,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 203,83 Gb Free Space | 71,27% Space Free | Partition Type: NTFS Computer Name: INGO-PC | User Name: Sysop | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.20 08:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.06.06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV:64bit: - [2009.09.30 23:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2013.06.30 16:50:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360) SRV - [2009.12.02 10:37:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.29 05:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.18 17:15:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.16 21:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS) DRV:64bit: - [2011.11.16 21:17:50 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.10.27 03:25:42 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.08.16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011.07.06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.10.15 18:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI) DRV:64bit: - [2009.10.05 09:49:34 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.09.03 12:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.08.21 07:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.06 18:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.04.29 05:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2009.03.02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2009.03.02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp) DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2006.06.18 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.05.25 15:20:02 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130629.007\ex64.sys -- (NAVEX15) DRV - [2013.05.25 15:20:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130629.007\eng64.sys -- (NAVENG) DRV - [2013.02.21 17:53:22 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.02.21 17:53:22 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.02.16 11:26:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130628.001\IDSviA64.sys -- (IDSVia64) DRV - [2009.09.29 21:00:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/02 09:50:01] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2013.02.18 17:19:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013.06.30 16:45:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 16:50:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.26 17:45:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.06.30 16:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.30 16:50:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2011.04.15 17:56:00 | 000,000,060 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - Reg Error: Value error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.3.96.67 213.33.98.136 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{510C11A6-9D61-4985-A9E7-A57CEAB5EC6E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{812837FE-AE84-435B-BC30-AFF00E0B86EB}: DhcpNameServer = 195.3.96.67 213.33.98.136 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.30 17:44:36 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia [2013.06.30 17:39:25 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer [2013.06.30 17:39:12 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe [2013.06.30 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.06.30 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Searches [2013.06.30 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.06.30 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Identities [2013.06.30 17:38:55 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Contacts [2013.06.30 17:38:53 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore [2013.06.30 17:38:18 | 000,000,000 | --SD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Videos [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Saved Games [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Pictures [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Music [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Links [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Favorites [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Downloads [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Documents [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Desktop [2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Vorlagen [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Temporary Internet Files [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Startmenü [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\SendTo [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Recent [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Netzwerkumgebung [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Lokale Einstellungen [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Documents\Eigene Videos [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Eigene Dateien [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Druckumgebung [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Cookies [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten [2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Anwendungsdaten [2013.06.30 17:38:18 | 000,000,000 | -H-D | C] -- C:\Users\Sysop.Ingo-PC\AppData [2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Temp [2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help [2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft [2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Media Center Programs [2013.06.30 16:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.26 17:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.06.20 08:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe [2013.06.19 21:19:03 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.06.19 09:22:54 | 000,009,064 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\elevtmsg.dll ========== Files - Modified Within 30 Days ========== [2013.06.30 20:41:55 | 000,000,000 | ---- | M] () -- C:\Users\Sysop.Ingo-PC\defogger_reenable [2013.06.30 20:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.30 16:51:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.30 16:51:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.30 16:44:15 | 3219,636,224 | -HS- | M] () -- C:\hiberfil.sys [2013.06.28 19:10:42 | 001,629,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.28 19:10:42 | 000,703,230 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.28 19:10:42 | 000,657,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.28 19:10:42 | 000,150,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.28 19:10:42 | 000,123,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.20 09:44:20 | 001,603,724 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.20 08:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe [2013.06.20 08:28:17 | 000,377,856 | ---- | M] () -- C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe [2013.06.20 08:24:58 | 000,050,477 | ---- | M] () -- C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe [2013.06.19 21:19:03 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.06.18 08:17:21 | 000,002,217 | ---- | M] () -- C:\Windows\PTH2004G.INI [2013.06.18 08:17:18 | 000,000,190 | ---- | M] () -- C:\Windows\LangIDlib.INI [2013.06.18 08:15:14 | 000,001,641 | ---- | M] () -- C:\Windows\wininit.ini [2013.06.05 17:10:42 | 000,009,064 | ---- | M] (EldoS Corporation) -- C:\Windows\SysNative\elevtmsg.dll ========== Files Created - No Company Name ========== [2013.06.30 20:41:55 | 000,000,000 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\defogger_reenable [2013.06.30 17:39:12 | 000,001,393 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.06.30 17:38:18 | 000,002,132 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2013.06.20 08:28:16 | 000,377,856 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe [2013.06.20 08:24:57 | 000,050,477 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe [2013.06.19 08:24:44 | 001,603,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.01 19:03:10 | 000,001,641 | ---- | C] () -- C:\Windows\wininit.ini [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2009.10.24 00:55:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.06.2013 20:56:37 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sysop.Ingo-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,06% Memory free
7,99 Gb Paging File | 6,71 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 203,83 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
Computer Name: INGO-PC | User Name: Sysop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0792F68A-3597-427C-BFD4-96D8CA47FA3D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0BD50616-C9EB-4971-B156-C29C7BB2854E}" = rport=139 | protocol=6 | dir=out | app=system |
"{18C36F12-2625-4C26-BE4D-868411BD503C}" = rport=137 | protocol=17 | dir=out | app=system |
"{21172DA9-21D9-48BB-88CD-61482F661D0E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28A4458F-446A-436E-96E5-A1779440A398}" = lport=2869 | protocol=6 | dir=in | app=system |
"{415CED2D-BEA2-4422-B992-2594F85DF5CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{4477FD68-A5B5-49EF-BAF1-91CA10C0170B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5124AE9B-160D-4FB3-A8AE-9B25E99F0F77}" = lport=445 | protocol=6 | dir=in | app=system |
"{55200E70-01B0-46F4-8D83-3D5B442732F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5EF3BF2C-8419-4ABC-A0CE-1C15717C562F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{612F93C7-27D7-45E5-ADED-CA27EA33CC9D}" = lport=137 | protocol=17 | dir=in | app=system |
"{66586D0B-484A-40BC-B2E7-4E1BE32AA29D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7508B0F0-C10A-421B-8D4B-DDD4A1E45154}" = rport=445 | protocol=6 | dir=out | app=system |
"{7549DD26-ADA7-40EC-9BAB-EFFF17A062D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{792C16C8-2C75-4117-83F6-FA2460FF6A93}" = rport=138 | protocol=17 | dir=out | app=system |
"{830F4E46-5B6F-4595-A764-582ABCFAE864}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84F181A0-7BE7-4A74-BC9C-FB5332659FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{945B206E-3F31-444B-B2C1-3B2065572448}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E6E1B31-E76A-428E-A6D9-1ED0E8B7FFAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9D16E6E-27CB-4ECE-9A35-D1405D6E0608}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D3800849-C9BB-4274-86F8-20937B5FD3C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{DA50278A-26A9-4582-AE05-9503191E4C4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7B7A71B-2174-4AA2-8C31-8C91CC918A1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F47C9888-EECB-4860-9EB5-D4A4351498F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB20A914-AC73-49F4-87C9-F5D3D0E130BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F896BF2-C935-4E09-9930-23B70760EBC7}" = protocol=17 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe |
"{13B1B6FE-3C26-4523-985D-DB6575A8E60C}" = dir=in | app=c:\users\ingo\appdata\local\microsoft\skydrive\skydrive.exe |
"{25E9D96F-49DA-4756-A554-18457CB2B636}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C9F21A5-7865-4F0A-8D00-0E77E1CA8FF4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F3D26C0-0AA9-45C4-BF0C-025D55AD6275}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{38517636-3A8C-48F1-BC90-10121CD60BF3}" = protocol=6 | dir=out | app=system |
"{3F5B21B1-EDF9-436A-8C96-E90294D7CA1D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4069F6C3-2371-412C-BBA6-91102CFF7AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{455A793A-84B5-489B-ADDD-8C2143440272}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A3D8804-D6FB-4355-BF04-1C6ADF68C8D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4C827D5A-D226-496A-B6C3-4ACFE6F69866}" = protocol=6 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe |
"{5E2CF0A9-0F4F-44D2-B1EC-94D45AC3D33E}" = protocol=17 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe |
"{5F601625-E431-4FF7-B278-ECB709BEC2AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6035FAAB-DC70-4BF1-875B-A1A3B4F71582}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{61790E2A-3615-4B0A-B3A7-2DCDD05E5029}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F08D448-048D-42D5-8368-6EA6529FA356}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{72DF3827-6B92-44C2-8AB7-34619BBA5F47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79B0A456-3EB7-4632-B30F-50D7294E7312}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8915F0F0-1985-44A0-BEE0-962DECA87217}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{92BA0BB4-BDA6-4903-80B3-2DDF9D6A5746}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92DDD9C5-6FB2-483A-880E-E3A273C51CDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{964DE1EF-E5F8-43D4-BB94-7718C913FB4D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{9EF271C5-AE61-4EB6-86DA-4DF1E109EFE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1AE3FC5-2DE4-46FF-80EB-C70EF630292B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A97F9394-3532-4F18-BA93-1D26018C5C71}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD919787-C043-47F1-BC88-C83E58298633}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C273849C-6991-4487-AA80-3895BBD207CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C31383C9-62C8-484D-8855-1A07C65B87B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4649DBB-CC6A-4805-AE83-707FE7D90C42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4D7CBBB-1F98-4FC4-B0CB-28702838DE36}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE108F90-947A-4114-8293-1F7F083F79D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CE6664A2-A2EC-4B8B-BF31-13031EEF0076}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E2A92A3E-3E41-4D22-A55E-7D8014692276}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E602C34A-A6DE-4656-B7DD-908B4CB38639}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E9016EE6-8497-4D11-9EC3-E3AD78CF9190}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E9FDB450-E0A0-4ED6-8C2C-19DF70143F16}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F115DCE1-1E64-4C15-9CB5-7A7BC0EEFD27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2B0DD0D-F66A-4594-84F5-0518DF765427}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F59E95A3-C8A1-46B8-8BB2-33B4B546BA5E}" = protocol=6 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe |
"{F8A19428-2730-482B-87A7-7E2BAADDF92F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FD5BABA8-FECF-4787-9F96-C23E19FA37B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"N360" = Norton 360
"Organizer V99.1" = Lotus Organizer 6.0
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Samsung ML-2010 Series SmartPanel" = Samsung ML-2010 Series SmartPanel
"ST6UNST #1" = Sudoku
"TeamViewer 8" = TeamViewer 8
"ULTIMATER" = Microsoft Office Ultimate 2007
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = ESENT | ID = 455
Description = Windows (2792) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0032D.log.
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 9000
Description =
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 30.06.2013 10:27:01 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 7010
Description =
[ OSession Events ]
Error - 10.06.2012 02:39:16 | Computer Name = Ingo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.06.2012 02:39:33 | Computer Name = Ingo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.06.2012 02:39:43 | Computer Name = Ingo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.06.2013 09:19:43 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 29.06.2013 09:20:08 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 29.06.2013 09:20:08 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 29.06.2013 09:20:38 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 29.06.2013 09:20:38 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 30.06.2013 04:10:41 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 30.06.2013 10:26:35 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 30.06.2013 10:44:27 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-30 21:06:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SYSOP~1.ING\AppData\Local\Temp\kxldrpog.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [968:1224] 000007fefa861e00
Thread C:\Windows\system32\svchost.exe [968:1296] 000007fefa5c1a50
Thread C:\Windows\system32\svchost.exe [968:1572] 000007fefd4e1a70
Thread C:\Windows\system32\svchost.exe [968:1992] 000007fefd4e1a70
Thread C:\Windows\system32\svchost.exe [968:3724] 000007fef6cf506c
Thread C:\Windows\system32\svchost.exe [968:3732] 000007fef8521c20
Thread C:\Windows\system32\svchost.exe [968:3736] 000007fef8521c20
Thread C:\Windows\system32\svchost.exe [968:3068] 000007fefd4e1a70
Thread C:\Windows\system32\svchost.exe [968:1100] 000007fef7301ab0
Thread C:\Windows\system32\svchost.exe [968:4076] 000007fefaba4164
Thread C:\Windows\System32\spoolsv.exe [1316:2372] 000007fef7ee10c8
Thread C:\Windows\System32\spoolsv.exe [1316:2380] 000007fef7ea6144
Thread C:\Windows\System32\spoolsv.exe [1316:2384] 000007fef7c95fd0
Thread C:\Windows\System32\spoolsv.exe [1316:2388] 000007fef7c83438
Thread C:\Windows\System32\spoolsv.exe [1316:2392] 000007fef7c963ec
Thread C:\Windows\System32\spoolsv.exe [1316:2400] 000007fef8145e5c
Thread C:\Windows\System32\spoolsv.exe [1316:2404] 000007fef8015074
Thread C:\Windows\System32\spoolsv.exe [1316:2444] 000007fef7f38760
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1580:1636] 0000000054a38f75
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2032] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2036] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2040] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2044] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1032] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1028] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1144] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1148] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1244] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1276] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1280] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1372] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1396] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1000] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1440] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1004] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:996] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1436] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1456] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1460] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1548] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1568] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1512] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1676] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1680] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1708] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1656] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1760] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1716] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1844] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1856] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1864] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1916] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1208] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1212] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1200] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1196] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1188] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1192] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1160] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1152] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1156] 000007fef931529c
Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1112] 000007fef9316530
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}\Connection@Name isatap.{C5203BCE-E8A9-4761-9748-BD944E4EE409}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}?\Device\{11852436-8341-4F51-BF13-04DE28E6BE7A}?\Device\{07B6801C-A58A-46FC-A688-0B29D970484B}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{6E38DC7E-978E-422C-9C71-2F2FF44778CC}"?"{11852436-8341-4F51-BF13-04DE28E6BE7A}"?"{07B6801C-A58A-46FC-A688-0B29D970484B}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{6E38DC7E-978E-422C-9C71-2F2FF44778CC}?\Device\TCPIP6TUNNEL_{11852436-8341-4F51-BF13-04DE28E6BE7A}?\Device\TCPIP6TUNNEL_{07B6801C-A58A-46FC-A688-0B29D970484B}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}@InterfaceName isatap.{C5203BCE-E8A9-4761-9748-BD944E4EE409}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}@ReusableType 0
---- EOF - GMER 2.1 ----
|
|
02.07.2013, 08:07
| #2 |
| /// the machine /// TB-Ausbilder    | search.conduit (Reste) entfernen Hi,
__________________Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
02.07.2013, 11:38
| #3 |
| | search.conduit (Reste) entfernen Hallo,
__________________vielen Dank für die schnelle Antwort! Hier die Logs: Adw: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 02/07/2013 um 12:25:11 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Sysop - INGO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
*************************
AdwCleaner[S1].txt - [608 octets] - [02/07/2013 12:25:11]
########## EOF - C:\AdwCleaner[S1].txt - [667 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Sysop (administrator) on 02-07-2013 12:28:06
Running from C:\Users\Sysop.Ingo-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Ingo\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\Sysop\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sysop.Ingo-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.3.96.67 213.33.98.136
FireFox:
========
FF ProfilePath: C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\firefox@ghostery.com
FF Extension: elemhidehelper - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
==================== Services (Whitelisted) =================
S4 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-02-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-06-30 21:06 - 2013-06-30 21:07 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras.Txt
2013-06-30 20:53 - 2013-06-30 20:58 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL.Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:38 - 2013-06-30 20:41 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 17:38 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:38 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-07-02 12:26 - 00000224 ____A C:\Windows\setupact.log
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-26 17:45 - 2013-06-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:41 - 2013-06-21 08:42 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 15:00 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop\AppData\Local\Microsoft Help
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-30 20:41 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 12:09 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 12:09 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 12:08 - 2013-06-19 12:09 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 09:22 - 2013-06-05 17:10 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
2013-06-19 09:22 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-19 09:22 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-19 09:22 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-19 09:22 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-19 09:22 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-19 09:22 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-19 09:22 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-19 09:22 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-19 09:22 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-19 09:22 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-19 09:22 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-19 09:22 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-19 09:22 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-19 09:22 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-19 09:21 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-19 09:21 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-19 09:21 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-19 09:21 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-19 09:21 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-19 09:21 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-19 09:21 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-19 08:24 - 2013-06-20 09:44 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 16:05 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:05 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:05 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:05 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:05 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:03 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:03 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:03 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:03 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 16:40 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:40 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:40 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:40 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:40 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:40 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:40 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 16:39 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-11 10:27 - 2013-06-11 19:56 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
==================== One Month Modified Files and Folders =======
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:26 - 2013-06-30 16:26 - 00000224 ____A C:\Windows\setupact.log
2013-07-02 12:26 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:25 - 2012-03-16 12:41 - 01424041 ____A C:\Windows\WindowsUpdate.log
2013-07-02 12:25 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 12:25 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 10:36 - 2011-12-25 10:23 - 00000000 ___RD C:\Users\Ingo\Dropbox
2013-07-02 10:36 - 2011-12-25 10:20 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Dropbox
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-07-02 08:12 - 2012-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 08:12 - 2009-07-14 06:45 - 00371760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 21:07 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras.Txt
2013-06-30 20:58 - 2013-06-30 20:53 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL.Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 20:41 - 2013-06-30 17:38 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 20:41 - 2013-06-20 08:46 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:39 - 2013-06-30 17:38 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 19:10 - 2009-12-02 19:12 - 00703230 ____A C:\Windows\System32\perfh007.dat
2013-06-28 19:10 - 2009-12-02 19:12 - 00150838 ____A C:\Windows\System32\perfc007.dat
2013-06-28 19:10 - 2009-07-14 07:13 - 01629444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 16:41 - 2010-01-13 13:12 - 00000000 ____D C:\Users\Ingo\Documents\Privat
2013-06-28 16:19 - 2013-05-19 18:40 - 00000000 ____D C:\Users\Ingo\Documents\Sticker
2013-06-26 19:01 - 2013-06-26 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 15:54 - 2010-01-12 17:14 - 00000000 ____D C:\Users\Ingo\AppData\Local\Microsoft Help
2013-06-25 12:18 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Kufstein
2013-06-22 12:25 - 2010-03-03 17:36 - 00000000 ____D C:\Windows\Minidump
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:42 - 2013-06-21 08:41 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 09:44 - 2013-06-19 08:24 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:46 - 2010-01-05 18:06 - 00000000 ____D C:\users\Ingo
2013-06-20 08:42 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Daniel
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 17:17 - 2010-01-05 18:07 - 00000000 ____D C:\Users\Ingo\AppData\Local\VirtualStore
2013-06-19 12:18 - 2010-01-14 16:45 - 06620160 ____A C:\Users\Ingo\Documents\backup.pst
2013-06-19 12:17 - 2012-06-10 08:38 - 00000000 ____D C:\Users\Ingo\AppData\Local\8D128975-D491-4DC1-8654-8E2EBCF7F77A.aplzod
2013-06-19 12:09 - 2013-06-19 12:08 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 12:09 - 2012-04-14 17:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-19 09:04 - 2010-01-13 13:15 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-06-18 18:53 - 2009-10-24 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-18 08:17 - 2010-01-14 12:16 - 00002217 ____A C:\Windows\PTH2004G.INI
2013-06-18 08:17 - 2010-01-14 12:16 - 00000190 ____A C:\Windows\LangIDlib.INI
2013-06-18 08:15 - 2012-02-01 19:03 - 00001641 ____A C:\Windows\wininit.ini
2013-06-14 13:05 - 2012-09-11 19:53 - 00000000 ____D C:\Users\Ingo\Documents\Rolf
2013-06-14 11:54 - 2013-05-01 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 19:02 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-06-12 21:48 - 2012-07-11 10:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2010-04-18 08:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 12:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 12:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 19:05 - 2010-01-12 17:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 17:59 - 2012-09-25 08:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:59 - 2011-06-05 08:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:56 - 2013-06-11 10:27 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
2013-06-11 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-11 16:58 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-09 19:16 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Bank
2013-06-08 16:08 - 2013-06-15 16:05 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:05 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:05 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 17:10 - 2013-06-19 09:22 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-06-26 21:19
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2013
Ran by Sysop at 2013-07-02 12:28:54
Running from C:\Users\Sysop.Ingo-PC\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 6.2.2)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1.3)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Advertising Center (x32 Version: 0.0.0.2)
Apple Application Support (x32 Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon MP Navigator EX 2.0 (x32)
Canon Utilities Solution Menu (x32)
CanoScan LiDE 200 Scanner Driver
CCleaner (Version: 4.02)
CDDRV_Installer (Version: 4.60)
CyberLink PowerDVD 8 (x32 Version: 8.0.3402)
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5)
iCloud (Version: 2.0.2.187)
ImagXpress (x32 Version: 7.0.74.0)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KhalInstallWrapper (Version: 4.72.40)
Lotus Organizer 6.0 (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4505.1510)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.1.100)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Norton 360 (x32 Version: 6.4.1.14)
NVIDIA Drivers (Version: 1.9)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1510)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1510)
Packard Bell InfoCentre (x32 Version: 3.02.3000)
Packard Bell Power Management (x32 Version: 4.05.3004)
Packard Bell Recovery Management (x32 Version: 4.05.3006)
Packard Bell Updater (x32 Version: 1.01.3017)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30104)
Samsung ML-2010 Series SmartPanel (x32)
Sudoku (x32)
Synaptics Pointing Device Driver (Version: 14.0.4.0)
TeamViewer 8 (x32 Version: 8.0.16642)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
==================== Restore Points =========================
11-06-2013 08:27:23 Windows Live Essentials
11-06-2013 08:28:40 DirectX wurde installiert
11-06-2013 08:29:16 DirectX wurde installiert
11-06-2013 17:48:22 Windows Live Essentials
12-06-2013 17:01:24 Windows Update
15-06-2013 14:04:49 Windows Update
18-06-2013 06:15:39 Removed Video Web Camera
19-06-2013 07:16:08 Windows Update
19-06-2013 07:21:55 Windows Update
19-06-2013 07:23:37 Gerätetreiber-Paketinstallation: EldoS Corporation Systemgeräte
20-06-2013 07:29:12 Windows Update
==================== Scheduled Tasks (whitelisted) =============
Task: {1F823116-4474-408D-8E1E-6E0119CE3648} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {21FD9EA3-189C-4939-A8A3-AE56179A1972} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {4DFC6C65-6C4E-48ED-80DF-CB6E1E0C3D91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {512513A9-3E00-4375-93CC-F83229B6CD07} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {5D2C43F7-0667-4404-8F41-59007339C36D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-06-14] (Microsoft Corporation)
Task: {B6099374-38D5-4FDE-A4EC-D9F77F9B5B93} - System32\Tasks\Games\UpdateCheck_S-1-5-21-551582189-2095768138-3948745554-1000
Task: {B74E9FFF-82B3-4CE1-8F7B-99EDFDE7C380} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {BA64F4FB-CF4C-4232-AD78-35E978656139} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
Task: {C52296EE-CDB9-4D32-9515-066A1E3FC318} - System32\Tasks\{AE1D0868-CD1B-4FEB-81F5-49CF2262FE1F} => C:\Program Files (x86)\CCleaner\CCleaner64.exe [2013-05-24] (Piriform Ltd)
Task: {DEC48389-8EFF-47C6-A2B3-EBA9844EF0D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/30/2013 04:27:02 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/30/2013 04:27:02 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/30/2013 04:27:02 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/30/2013 04:27:01 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (06/30/2013 04:26:56 PM) (Source: ESENT) (User: )
Description: Windows (2792) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0032D.log.
System errors:
=============
Error: (07/02/2013 00:26:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (07/02/2013 08:12:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (07/01/2013 08:21:33 PM) (Source: SRTSP) (User: )
Description: Error loading virus definitions.
Error: (07/01/2013 08:59:45 AM) (Source: SRTSP) (User: )
Description: Error loading virus definitions.
Error: (06/30/2013 04:44:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (06/30/2013 04:27:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/30/2013 04:27:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (06/30/2013 04:26:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (06/30/2013 10:10:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (06/29/2013 03:20:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (06/10/2012 08:39:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/10/2012 08:39:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/10/2012 08:39:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2010-01-13 19:51:03.052
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 19:45:06.206
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 19:35:18.959
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 19:29:44.646
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 19:16:42.716
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 18:37:24.840
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 18:12:10.192
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 18:04:52.532
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 17:53:52.820
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2010-01-13 17:43:35.379
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 4093.98 MB
Available physical RAM: 3017.94 MB
Total Pagefile: 8186.14 MB
Available Pagefile: 7145.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Packard Bell) (Fixed) (Total:285.99 GB) (Free:203.41 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AFD7E89D)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
02.07.2013, 13:29
| #4 |
| /// the machine /// TB-Ausbilder | search.conduit (Reste) entfernenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.07.2013, 19:12
| #5 |
| | search.conduit (Reste) entfernen Hallo, hier die nächsten Logs (ansonsten nichts Auffälliges): Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23c40748ef3316429eff001ecafa66f6
# engine=14238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 04:49:42
# local_time=2013-07-02 06:49:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 630231 123446278 0 0
# compatibility_mode=5893 16776574 100 94 70751071 124413632 0 0
# scanned=181026
# found=0
# cleaned=0
# scan_time=7155
Code:
ATTFilter Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Online
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Mozilla Thunderbird (17.0.7)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Sysop (administrator) on 02-07-2013 19:42:42
Running from C:\Users\Sysop.Ingo-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Ingo\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\Sysop\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sysop.Ingo-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.3.96.67 213.33.98.136
FireFox:
========
FF ProfilePath: C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\firefox@ghostery.com
FF Extension: elemhidehelper - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
==================== Services (Whitelisted) =================
S4 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-02-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:28 - 2013-07-02 12:30 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-06-30 21:06 - 2013-06-30 21:07 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:53 - 2013-06-30 20:58 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:38 - 2013-06-30 20:41 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 17:38 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:38 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-07-02 12:59 - 00000280 ____A C:\Windows\setupact.log
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-26 17:45 - 2013-06-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:41 - 2013-06-21 08:42 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 15:00 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop\AppData\Local\Microsoft Help
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-30 20:41 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 12:09 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 12:09 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 12:08 - 2013-06-19 12:09 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 09:22 - 2013-06-05 17:10 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
2013-06-19 09:22 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-19 09:22 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-19 09:22 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-19 09:22 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-19 09:22 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-19 09:22 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-19 09:22 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-19 09:22 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-19 09:22 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-19 09:22 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-19 09:22 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-19 09:22 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-19 09:22 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-19 09:22 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-19 09:21 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-19 09:21 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-19 09:21 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-19 09:21 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-19 09:21 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-19 09:21 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-19 09:21 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-19 08:24 - 2013-06-20 09:44 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 16:05 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:05 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:05 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:05 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:05 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:03 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:03 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:03 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:03 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 16:40 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:40 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:40 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:40 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:40 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:40 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:40 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 16:39 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-11 10:27 - 2013-06-11 19:56 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
==================== One Month Modified Files and Folders =======
2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 18:35 - 2012-03-16 12:41 - 01436481 ____A C:\Windows\WindowsUpdate.log
2013-07-02 17:48 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\auf Desktop gewesen
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:50 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 13:50 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:59 - 2013-06-30 16:26 - 00000280 ____A C:\Windows\setupact.log
2013-07-02 12:59 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:30 - 2013-07-02 12:28 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 10:36 - 2011-12-25 10:23 - 00000000 ___RD C:\Users\Ingo\Dropbox
2013-07-02 10:36 - 2011-12-25 10:20 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Dropbox
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-07-02 08:12 - 2012-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 08:12 - 2009-07-14 06:45 - 00371760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 21:07 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:58 - 2013-06-30 20:53 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 20:41 - 2013-06-30 17:38 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 20:41 - 2013-06-20 08:46 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:39 - 2013-06-30 17:38 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 19:10 - 2009-12-02 19:12 - 00703230 ____A C:\Windows\System32\perfh007.dat
2013-06-28 19:10 - 2009-12-02 19:12 - 00150838 ____A C:\Windows\System32\perfc007.dat
2013-06-28 19:10 - 2009-07-14 07:13 - 01629444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 16:41 - 2010-01-13 13:12 - 00000000 ____D C:\Users\Ingo\Documents\Privat
2013-06-28 16:19 - 2013-05-19 18:40 - 00000000 ____D C:\Users\Ingo\Documents\Sticker
2013-06-26 19:01 - 2013-06-26 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 15:54 - 2010-01-12 17:14 - 00000000 ____D C:\Users\Ingo\AppData\Local\Microsoft Help
2013-06-25 12:18 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Kufstein
2013-06-22 12:25 - 2010-03-03 17:36 - 00000000 ____D C:\Windows\Minidump
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:42 - 2013-06-21 08:41 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 09:44 - 2013-06-19 08:24 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:46 - 2010-01-05 18:06 - 00000000 ____D C:\users\Ingo
2013-06-20 08:42 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Daniel
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 17:17 - 2010-01-05 18:07 - 00000000 ____D C:\Users\Ingo\AppData\Local\VirtualStore
2013-06-19 12:18 - 2010-01-14 16:45 - 06620160 ____A C:\Users\Ingo\Documents\backup.pst
2013-06-19 12:17 - 2012-06-10 08:38 - 00000000 ____D C:\Users\Ingo\AppData\Local\8D128975-D491-4DC1-8654-8E2EBCF7F77A.aplzod
2013-06-19 12:09 - 2013-06-19 12:08 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 12:09 - 2012-04-14 17:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-19 09:04 - 2010-01-13 13:15 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-06-18 18:53 - 2009-10-24 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-18 08:17 - 2010-01-14 12:16 - 00002217 ____A C:\Windows\PTH2004G.INI
2013-06-18 08:17 - 2010-01-14 12:16 - 00000190 ____A C:\Windows\LangIDlib.INI
2013-06-18 08:15 - 2012-02-01 19:03 - 00001641 ____A C:\Windows\wininit.ini
2013-06-14 13:05 - 2012-09-11 19:53 - 00000000 ____D C:\Users\Ingo\Documents\Rolf
2013-06-14 11:54 - 2013-05-01 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 19:02 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-06-12 21:48 - 2012-07-11 10:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2010-04-18 08:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 12:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 12:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 19:05 - 2010-01-12 17:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 17:59 - 2012-09-25 08:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:59 - 2011-06-05 08:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:56 - 2013-06-11 10:27 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
2013-06-11 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-11 16:58 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-09 19:16 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Bank
2013-06-08 16:08 - 2013-06-15 16:05 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:05 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:05 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 17:10 - 2013-06-19 09:22 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-06-26 21:19
==================== End Of Log ============================
--- --- --- --- --- --- Hallo nochmal, habe leider übersehen, daß sich Norton 360 während des ESET-Scans wieder automatisch reaktiviert hatte, lasse alle Scans nochmal durchlaufen und melde mich dann später noch einmal. Zusätzlich habe ich die mir verdächtigen Teile aus der Firefox-about:config noch einmal angesehen: Zur Thread-Eröffnung stand unter CT2325506.navigationAliasesJson noch search.conduit; dieser Eintrag fehlt jetzt, dafür sind andere aufgetaucht... Auszug about:config: Code:
ATTFilter CT2325506.1000234.weatherData;0000
CT2325506.ENABALE_HISTORY;{"dataType":"string","data":"true"}
CT2325506.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE;{"dataType":"string","data":"true"}
CT2325506.isEnableAllDialogs;{"dataType":"string","data":"true"}
CT2325506.isToolbarShrinked;{"dataType":"string","data":"false"}
CT2325506.isWelcomPage;{"dataType":"boolean","data":"true"}
CT2325506.navigationAliasesJson;{"EB_SEARCH_TERM":"","EB_MAIN_FRAME_URL":"chrome%3A%2F%2Fspeeddial%2Fcontent%2Fspeeddial.xul","EB_MAIN_FRAME_TITLE":"","EB_TOOLBAR_SUB_DOMAIN":"hxxp://wwwFreewaredownloadcom.CommunityToolbars.com/","EB_TOOLBAR_ID":"CT2325506","EB_TOOLBAR_VERSION":"10.13.1.89","EB_ORIGINAL_CTID":"CT2325506","EB_DOWNLOAD_PAGE":"hxxp://wwwFreewaredownloadcom.CommunityToolbars.com/","EB_TOOLBAR_NAME":"www.Freeware-download.com"}
CT2325506.personalApps;{"dataType":"object","data":"[\"WEATHER\"]"}
CT2325506.selectToSearchBoxEnabled;{"dataType":"string","data":"true"}
CT2325506.serviceLayer_service_login_isFirstLoginInvoked;{"dataType":"boolean","data":"true"}
CT2325506.serviceLayer_service_login_loginCount;{"dataType":"number","data":"2"}
CT2325506.serviceLayer_service_toolbarGrouping_activeCTID;{"dataType":"string","data":"CT2325506"}
ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23c40748ef3316429eff001ecafa66f6
# engine=14241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 09:19:53
# local_time=2013-07-02 11:19:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 646442 123462489 0 0
# compatibility_mode=5893 16776574 100 94 70767282 124429843 0 0
# scanned=181089
# found=0
# cleaned=0
# scan_time=8620
Code:
ATTFilter Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Online
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Mozilla Thunderbird (17.0.7)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Sysop (administrator) on 03-07-2013 00:28:16
Running from C:\Users\Sysop.Ingo-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Ingo\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\Sysop\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sysop.Ingo-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.3.96.67 213.33.98.136
FireFox:
========
FF ProfilePath: C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\firefox@ghostery.com
FF Extension: elemhidehelper - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
==================== Services (Whitelisted) =================
S4 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-02-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-03 00:27 - 2013-07-03 00:27 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 20:25 - 2013-07-02 20:25 - 00001237 ____A C:\Users\Sysop.Ingo-PC\Desktop\CT2325506.txt
2013-07-02 20:13 - 2013-07-02 20:13 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Adobe
2013-07-02 19:43 - 2013-07-02 19:43 - 00042677 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt2).txt
2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup (alt).txt
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:28 - 2013-07-02 12:30 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2013-07-02 19:53 - 00001380 ____A C:\Windows\PFRO.log
2013-06-30 21:06 - 2013-06-30 21:07 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:53 - 2013-06-30 20:58 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-07-02 20:13 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:38 - 2013-06-30 20:41 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 17:38 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:38 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-07-02 19:53 - 00000336 ____A C:\Windows\setupact.log
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-26 17:45 - 2013-06-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:41 - 2013-06-21 08:42 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 15:00 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop\AppData\Local\Microsoft Help
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-30 20:41 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 12:09 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 12:09 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 12:08 - 2013-06-19 12:09 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 09:22 - 2013-06-05 17:10 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
2013-06-19 09:22 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-19 09:22 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-19 09:22 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-19 09:22 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-19 09:22 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-19 09:22 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-19 09:22 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-19 09:22 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-19 09:22 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-19 09:22 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-19 09:22 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-19 09:22 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-19 09:22 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-19 09:22 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-19 09:21 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-19 09:21 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-19 09:21 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-19 09:21 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-19 09:21 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-19 09:21 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-19 09:21 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-19 08:24 - 2013-06-20 09:44 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 16:05 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:05 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:05 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:05 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:05 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:03 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:03 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:03 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:03 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 16:40 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:40 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:40 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:40 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:40 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:40 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:40 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 16:39 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-11 10:27 - 2013-06-11 19:56 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
==================== One Month Modified Files and Folders =======
2013-07-03 00:27 - 2013-07-03 00:27 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 23:23 - 2012-03-16 12:41 - 01444889 ____A C:\Windows\WindowsUpdate.log
2013-07-02 20:25 - 2013-07-02 20:25 - 00001237 ____A C:\Users\Sysop.Ingo-PC\Desktop\CT2325506.txt
2013-07-02 20:17 - 2011-12-25 10:23 - 00000000 ___RD C:\Users\Ingo\Dropbox
2013-07-02 20:17 - 2011-12-25 10:20 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Dropbox
2013-07-02 20:13 - 2013-07-02 20:13 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Adobe
2013-07-02 20:13 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-07-02 20:00 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 20:00 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 19:53 - 2013-07-02 08:12 - 00001380 ____A C:\Windows\PFRO.log
2013-07-02 19:53 - 2013-06-30 16:26 - 00000336 ____A C:\Windows\setupact.log
2013-07-02 19:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 19:43 - 2013-07-02 19:43 - 00042677 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt2).txt
2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup (alt).txt
2013-07-02 17:48 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\auf Desktop gewesen
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:30 - 2013-07-02 12:28 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2012-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 08:12 - 2009-07-14 06:45 - 00371760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 21:07 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:58 - 2013-06-30 20:53 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 20:41 - 2013-06-30 17:38 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 20:41 - 2013-06-20 08:46 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:38 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 19:10 - 2009-12-02 19:12 - 00703230 ____A C:\Windows\System32\perfh007.dat
2013-06-28 19:10 - 2009-12-02 19:12 - 00150838 ____A C:\Windows\System32\perfc007.dat
2013-06-28 19:10 - 2009-07-14 07:13 - 01629444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 16:41 - 2010-01-13 13:12 - 00000000 ____D C:\Users\Ingo\Documents\Privat
2013-06-28 16:19 - 2013-05-19 18:40 - 00000000 ____D C:\Users\Ingo\Documents\Sticker
2013-06-26 19:01 - 2013-06-26 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 15:54 - 2010-01-12 17:14 - 00000000 ____D C:\Users\Ingo\AppData\Local\Microsoft Help
2013-06-25 12:18 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Kufstein
2013-06-22 12:25 - 2010-03-03 17:36 - 00000000 ____D C:\Windows\Minidump
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:42 - 2013-06-21 08:41 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 09:44 - 2013-06-19 08:24 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:46 - 2010-01-05 18:06 - 00000000 ____D C:\users\Ingo
2013-06-20 08:42 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Daniel
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 17:17 - 2010-01-05 18:07 - 00000000 ____D C:\Users\Ingo\AppData\Local\VirtualStore
2013-06-19 12:18 - 2010-01-14 16:45 - 06620160 ____A C:\Users\Ingo\Documents\backup.pst
2013-06-19 12:17 - 2012-06-10 08:38 - 00000000 ____D C:\Users\Ingo\AppData\Local\8D128975-D491-4DC1-8654-8E2EBCF7F77A.aplzod
2013-06-19 12:09 - 2013-06-19 12:08 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 12:09 - 2012-04-14 17:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-19 09:04 - 2010-01-13 13:15 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-06-18 18:53 - 2009-10-24 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-18 08:17 - 2010-01-14 12:16 - 00002217 ____A C:\Windows\PTH2004G.INI
2013-06-18 08:17 - 2010-01-14 12:16 - 00000190 ____A C:\Windows\LangIDlib.INI
2013-06-18 08:15 - 2012-02-01 19:03 - 00001641 ____A C:\Windows\wininit.ini
2013-06-14 13:05 - 2012-09-11 19:53 - 00000000 ____D C:\Users\Ingo\Documents\Rolf
2013-06-14 11:54 - 2013-05-01 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 19:02 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-06-12 21:48 - 2012-07-11 10:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2010-04-18 08:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 12:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 12:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 19:05 - 2010-01-12 17:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 17:59 - 2012-09-25 08:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:59 - 2011-06-05 08:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:56 - 2013-06-11 10:27 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
2013-06-11 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-11 16:58 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-09 19:16 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Bank
2013-06-08 16:08 - 2013-06-15 16:05 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:05 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:05 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 17:10 - 2013-06-19 09:22 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-06-26 21:19
==================== End Of Log ============================
--- --- --- |
|
03.07.2013, 07:17
| #6 |
| /// the machine /// TB-Ausbilder | search.conduit (Reste) entfernen Adobe updaten. Firefox deinstallieren, keine DAten behalten ausser evtl Lesezeichen, neu installieren. Noch Probleme? 
__________________ --> search.conduit (Reste) entfernen |
|
03.07.2013, 08:53
| #7 |
| | search.conduit (Reste) entfernen Hallo, Updates/Deinstallation/Installation erledigt; scheint alles in Ordnung! Können die Tools dann gelöscht werden? |
|
03.07.2013, 09:43
| #8 |
| /// the machine /// TB-Ausbilder | search.conduit (Reste) entfernen Machen wir jetzt Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.07.2013, 10:59
| #9 |
| | search.conduit (Reste) entfernen Hat alles geklappt. Herzlichen Dank für die Hilfestellung und Hinweise! |
|
03.07.2013, 12:27
| #10 |
| /// the machine /// TB-Ausbilder | search.conduit (Reste) entfernen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu search.conduit (Reste) entfernen |
| 4d36e972-e325-11ce-bfc1-08002be10318, 7-zip, autorun, bho, bonjour, browser, entfernen, error, excel, fehler, firefox, flash player, google, helper, home, homepage, iexplore.exe, install.exe, junkware, junkware removal tool, mozilla, object, office 365, packard bell, plug-in, realtek, registry, scan, security, software, svchost.exe, symantec, tunnel, windows |
Linear-Darstellung
