
Log analysis and evaluation: Removing search.conduit (remnants)

02.07.2013, 07:55   #1
hsw1to1tbe
 

Removing search.conduit (remnants)



Hello,

while servicing an acquaintance's PC I found the Conduit search engine set as the default search engine in Firefox, which I then tried to remove with the Junkware Removal Tool (thisisudax[dot]org).

Unfortunately, the Firefox configuration file still contains some remnants (CT2325506...). Since the log files also show further dubious entries, I would like to ask a real expert for help with cleaning up the system.

Many thanks in advance!

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:41 on 30/06/2013 (Sysop)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL:
Code:
OTL logfile created on: 30.06.2013 20:56:37 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sysop.Ingo-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,06% Memory free
7,99 Gb Paging File | 6,71 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 203,83 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
 
Computer Name: INGO-PC | User Name: Sysop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.20 08:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.06.06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2009.09.30 23:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013.06.30 16:50:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2009.12.02 10:37:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.29 05:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.18 17:15:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.16 21:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.11.16 21:17:50 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.10.27 03:25:42 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.08.16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.07.06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.10.15 18:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI)
DRV:64bit: - [2009.10.05 09:49:34 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.09.03 12:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.21 07:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.06 18:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.04.29 05:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.03.02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.03.02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006.06.18 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.05.25 15:20:02 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130629.007\ex64.sys -- (NAVEX15)
DRV - [2013.05.25 15:20:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130629.007\eng64.sys -- (NAVENG)
DRV - [2013.02.21 17:53:22 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.02.21 17:53:22 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.02.16 11:26:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130628.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009.09.29 21:00:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/02 09:50:01] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2013.02.18 17:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013.06.30 16:45:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.30 16:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.26 17:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.06.30 16:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.30 16:50:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2011.04.15 17:56:00 | 000,000,060 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.3.96.67 213.33.98.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{510C11A6-9D61-4985-A9E7-A57CEAB5EC6E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{812837FE-AE84-435B-BC30-AFF00E0B86EB}: DhcpNameServer = 195.3.96.67 213.33.98.136
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.30 17:44:36 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
[2013.06.30 17:39:25 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
[2013.06.30 17:39:12 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
[2013.06.30 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.06.30 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Searches
[2013.06.30 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.06.30 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Identities
[2013.06.30 17:38:55 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Contacts
[2013.06.30 17:38:53 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
[2013.06.30 17:38:18 | 000,000,000 | --SD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Videos
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Saved Games
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Pictures
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Music
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Links
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Favorites
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Downloads
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Documents
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\Desktop
[2013.06.30 17:38:18 | 000,000,000 | R--D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Vorlagen
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Temporary Internet Files
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Startmenü
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\SendTo
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Recent
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Documents\Eigene Videos
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Eigene Dateien
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Druckumgebung
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Cookies
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
[2013.06.30 17:38:18 | 000,000,000 | -HSD | C] -- C:\Users\Sysop.Ingo-PC\Anwendungsdaten
[2013.06.30 17:38:18 | 000,000,000 | -H-D | C] -- C:\Users\Sysop.Ingo-PC\AppData
[2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Temp
[2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help
[2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft
[2013.06.30 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Media Center Programs
[2013.06.30 16:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.26 17:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.20 08:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
[2013.06.19 21:19:03 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.06.19 09:22:54 | 000,009,064 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\elevtmsg.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.30 20:41:55 | 000,000,000 | ---- | M] () -- C:\Users\Sysop.Ingo-PC\defogger_reenable
[2013.06.30 20:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.30 16:51:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.30 16:51:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.30 16:44:15 | 3219,636,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.28 19:10:42 | 001,629,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.28 19:10:42 | 000,703,230 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.28 19:10:42 | 000,657,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.28 19:10:42 | 000,150,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.28 19:10:42 | 000,123,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.20 09:44:20 | 001,603,724 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.20 08:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
[2013.06.20 08:28:17 | 000,377,856 | ---- | M] () -- C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
[2013.06.20 08:24:58 | 000,050,477 | ---- | M] () -- C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
[2013.06.19 21:19:03 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.06.18 08:17:21 | 000,002,217 | ---- | M] () -- C:\Windows\PTH2004G.INI
[2013.06.18 08:17:18 | 000,000,190 | ---- | M] () -- C:\Windows\LangIDlib.INI
[2013.06.18 08:15:14 | 000,001,641 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.05 17:10:42 | 000,009,064 | ---- | M] (EldoS Corporation) -- C:\Windows\SysNative\elevtmsg.dll
 
========== Files Created - No Company Name ==========
 
[2013.06.30 20:41:55 | 000,000,000 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\defogger_reenable
[2013.06.30 17:39:12 | 000,001,393 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.06.30 17:38:18 | 000,002,132 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.06.20 08:28:16 | 000,377,856 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
[2013.06.20 08:24:57 | 000,050,477 | ---- | C] () -- C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
[2013.06.19 08:24:44 | 001,603,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.01 19:03:10 | 000,001,641 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2009.10.24 00:55:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 30.06.2013 20:56:37 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sysop.Ingo-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,06% Memory free
7,99 Gb Paging File | 6,71 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 203,83 Gb Free Space | 71,27% Space Free | Partition Type: NTFS
 
Computer Name: INGO-PC | User Name: Sysop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0792F68A-3597-427C-BFD4-96D8CA47FA3D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0BD50616-C9EB-4971-B156-C29C7BB2854E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{18C36F12-2625-4C26-BE4D-868411BD503C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{21172DA9-21D9-48BB-88CD-61482F661D0E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28A4458F-446A-436E-96E5-A1779440A398}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{415CED2D-BEA2-4422-B992-2594F85DF5CB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4477FD68-A5B5-49EF-BAF1-91CA10C0170B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5124AE9B-160D-4FB3-A8AE-9B25E99F0F77}" = lport=445 | protocol=6 | dir=in | app=system | 
"{55200E70-01B0-46F4-8D83-3D5B442732F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5EF3BF2C-8419-4ABC-A0CE-1C15717C562F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{612F93C7-27D7-45E5-ADED-CA27EA33CC9D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{66586D0B-484A-40BC-B2E7-4E1BE32AA29D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7508B0F0-C10A-421B-8D4B-DDD4A1E45154}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7549DD26-ADA7-40EC-9BAB-EFFF17A062D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{792C16C8-2C75-4117-83F6-FA2460FF6A93}" = rport=138 | protocol=17 | dir=out | app=system | 
"{830F4E46-5B6F-4595-A764-582ABCFAE864}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84F181A0-7BE7-4A74-BC9C-FB5332659FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{945B206E-3F31-444B-B2C1-3B2065572448}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E6E1B31-E76A-428E-A6D9-1ED0E8B7FFAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9D16E6E-27CB-4ECE-9A35-D1405D6E0608}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D3800849-C9BB-4274-86F8-20937B5FD3C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{DA50278A-26A9-4582-AE05-9503191E4C4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7B7A71B-2174-4AA2-8C31-8C91CC918A1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F47C9888-EECB-4860-9EB5-D4A4351498F4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FB20A914-AC73-49F4-87C9-F5D3D0E130BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F896BF2-C935-4E09-9930-23B70760EBC7}" = protocol=17 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{13B1B6FE-3C26-4523-985D-DB6575A8E60C}" = dir=in | app=c:\users\ingo\appdata\local\microsoft\skydrive\skydrive.exe | 
"{25E9D96F-49DA-4756-A554-18457CB2B636}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C9F21A5-7865-4F0A-8D00-0E77E1CA8FF4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F3D26C0-0AA9-45C4-BF0C-025D55AD6275}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{38517636-3A8C-48F1-BC90-10121CD60BF3}" = protocol=6 | dir=out | app=system | 
"{3F5B21B1-EDF9-436A-8C96-E90294D7CA1D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{4069F6C3-2371-412C-BBA6-91102CFF7AAA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{455A793A-84B5-489B-ADDD-8C2143440272}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A3D8804-D6FB-4355-BF04-1C6ADF68C8D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4C827D5A-D226-496A-B6C3-4ACFE6F69866}" = protocol=6 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5E2CF0A9-0F4F-44D2-B1EC-94D45AC3D33E}" = protocol=17 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5F601625-E431-4FF7-B278-ECB709BEC2AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6035FAAB-DC70-4BF1-875B-A1A3B4F71582}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{61790E2A-3615-4B0A-B3A7-2DCDD05E5029}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F08D448-048D-42D5-8368-6EA6529FA356}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{72DF3827-6B92-44C2-8AB7-34619BBA5F47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79B0A456-3EB7-4632-B30F-50D7294E7312}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8915F0F0-1985-44A0-BEE0-962DECA87217}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{92BA0BB4-BDA6-4903-80B3-2DDF9D6A5746}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{92DDD9C5-6FB2-483A-880E-E3A273C51CDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{964DE1EF-E5F8-43D4-BB94-7718C913FB4D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{9EF271C5-AE61-4EB6-86DA-4DF1E109EFE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1AE3FC5-2DE4-46FF-80EB-C70EF630292B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A97F9394-3532-4F18-BA93-1D26018C5C71}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BD919787-C043-47F1-BC88-C83E58298633}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C273849C-6991-4487-AA80-3895BBD207CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C31383C9-62C8-484D-8855-1A07C65B87B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4649DBB-CC6A-4805-AE83-707FE7D90C42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4D7CBBB-1F98-4FC4-B0CB-28702838DE36}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CE108F90-947A-4114-8293-1F7F083F79D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{CE6664A2-A2EC-4B8B-BF31-13031EEF0076}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{E2A92A3E-3E41-4D22-A55E-7D8014692276}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E602C34A-A6DE-4656-B7DD-908B4CB38639}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E9016EE6-8497-4D11-9EC3-E3AD78CF9190}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E9FDB450-E0A0-4ED6-8C2C-19DF70143F16}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F115DCE1-1E64-4C15-9CB5-7A7BC0EEFD27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2B0DD0D-F66A-4594-84F5-0518DF765427}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F59E95A3-C8A1-46B8-8BB2-33B4B546BA5E}" = protocol=6 | dir=in | app=c:\users\ingo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F8A19428-2730-482B-87A7-7E2BAADDF92F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FD5BABA8-FECF-4787-9F96-C23E19FA37B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"CanonSolutionMenu" = Canon Utilities Solution Menu
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"N360" = Norton 360
"Organizer V99.1" = Lotus Organizer 6.0
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Samsung ML-2010 Series SmartPanel" = Samsung ML-2010 Series SmartPanel
"ST6UNST #1" = Sudoku
"TeamViewer 8" = TeamViewer 8
"ULTIMATER" = Microsoft Office Ultimate 2007
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = ESENT | ID = 455
Description = Windows (2792) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0032D.log.
 
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 30.06.2013 10:26:56 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.06.2013 10:27:01 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ OSession Events ]
Error - 10.06.2012 02:39:16 | Computer Name = Ingo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.06.2012 02:39:33 | Computer Name = Ingo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.06.2012 02:39:43 | Computer Name = Ingo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.06.2013 09:19:43 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 29.06.2013 09:20:08 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 29.06.2013 09:20:08 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 29.06.2013 09:20:38 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 29.06.2013 09:20:38 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 30.06.2013 04:10:41 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 30.06.2013 10:26:35 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 30.06.2013 10:27:02 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 30.06.2013 10:44:27 | Computer Name = Ingo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
 
< End of report >
         
Gmer:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-30 21:06:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SYSOP~1.ING\AppData\Local\Temp\kxldrpog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [968:1224]                                                                                                   000007fefa861e00
Thread  C:\Windows\system32\svchost.exe [968:1296]                                                                                                   000007fefa5c1a50
Thread  C:\Windows\system32\svchost.exe [968:1572]                                                                                                   000007fefd4e1a70
Thread  C:\Windows\system32\svchost.exe [968:1992]                                                                                                   000007fefd4e1a70
Thread  C:\Windows\system32\svchost.exe [968:3724]                                                                                                   000007fef6cf506c
Thread  C:\Windows\system32\svchost.exe [968:3732]                                                                                                   000007fef8521c20
Thread  C:\Windows\system32\svchost.exe [968:3736]                                                                                                   000007fef8521c20
Thread  C:\Windows\system32\svchost.exe [968:3068]                                                                                                   000007fefd4e1a70
Thread  C:\Windows\system32\svchost.exe [968:1100]                                                                                                   000007fef7301ab0
Thread  C:\Windows\system32\svchost.exe [968:4076]                                                                                                   000007fefaba4164
Thread  C:\Windows\System32\spoolsv.exe [1316:2372]                                                                                                  000007fef7ee10c8
Thread  C:\Windows\System32\spoolsv.exe [1316:2380]                                                                                                  000007fef7ea6144
Thread  C:\Windows\System32\spoolsv.exe [1316:2384]                                                                                                  000007fef7c95fd0
Thread  C:\Windows\System32\spoolsv.exe [1316:2388]                                                                                                  000007fef7c83438
Thread  C:\Windows\System32\spoolsv.exe [1316:2392]                                                                                                  000007fef7c963ec
Thread  C:\Windows\System32\spoolsv.exe [1316:2400]                                                                                                  000007fef8145e5c
Thread  C:\Windows\System32\spoolsv.exe [1316:2404]                                                                                                  000007fef8015074
Thread  C:\Windows\System32\spoolsv.exe [1316:2444]                                                                                                  000007fef7f38760
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1580:1636]                                                            0000000054a38f75
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2032]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2036]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2040]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:2044]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1032]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1028]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1144]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1148]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1244]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1276]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1280]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1372]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1396]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1000]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1440]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1004]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:996]                                                               000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1436]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1456]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1460]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1548]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1568]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1512]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1676]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1680]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1708]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1656]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1760]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1716]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1844]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1856]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1864]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1916]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1208]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1212]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1200]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1196]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1188]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1192]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1160]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1152]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1156]                                                              000007fef931529c
Thread  C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1668:1112]                                                              000007fef9316530

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}\Connection@Name  isatap.{C5203BCE-E8A9-4761-9748-BD944E4EE409}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}?\Device\{11852436-8341-4F51-BF13-04DE28E6BE7A}?\Device\{07B6801C-A58A-46FC-A688-0B29D970484B}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{6E38DC7E-978E-422C-9C71-2F2FF44778CC}"?"{11852436-8341-4F51-BF13-04DE28E6BE7A}"?"{07B6801C-A58A-46FC-A688-0B29D970484B}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{6E38DC7E-978E-422C-9C71-2F2FF44778CC}?\Device\TCPIP6TUNNEL_{11852436-8341-4F51-BF13-04DE28E6BE7A}?\Device\TCPIP6TUNNEL_{07B6801C-A58A-46FC-A688-0B29D970484B}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}@InterfaceName                       isatap.{C5203BCE-E8A9-4761-9748-BD944E4EE409}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6E38DC7E-978E-422C-9C71-2F2FF44778CC}@ReusableType                        0

---- EOF - GMER 2.1 ----
         

02.07.2013, 08:07   #2
schrauber
/// the machine
/// TB instructor

Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

02.07.2013, 11:38   #3
hsw1to1tbe

Hello,

thank you very much for the quick reply! Here are the logs:

Adw:
Code:
# AdwCleaner v2.303 - Datei am 02/07/2013 um 12:25:11 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Sysop - INGO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

*************************

AdwCleaner[S1].txt - [608 octets] - [02/07/2013 12:25:11]

########## EOF - C:\AdwCleaner[S1].txt - [667 octets] ##########
         
FRST64:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Sysop (administrator) on 02-07-2013 12:28:06
Running from C:\Users\Sysop.Ingo-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Ingo\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\Sysop\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sysop.Ingo-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.3.96.67 213.33.98.136

FireFox:
========
FF ProfilePath: C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\firefox@ghostery.com
FF Extension: elemhidehelper - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\

==================== Services (Whitelisted) =================

S4 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130701.021\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-02-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-06-30 21:06 - 2013-06-30 21:07 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras.Txt
2013-06-30 20:53 - 2013-06-30 20:58 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL.Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:38 - 2013-06-30 20:41 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 17:38 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:38 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-07-02 12:26 - 00000224 ____A C:\Windows\setupact.log
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-26 17:45 - 2013-06-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:41 - 2013-06-21 08:42 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 15:00 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop\AppData\Local\Microsoft Help
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-30 20:41 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 12:09 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 12:09 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 12:08 - 2013-06-19 12:09 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 09:22 - 2013-06-05 17:10 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
2013-06-19 09:22 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-19 09:22 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-19 09:22 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-19 09:22 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-19 09:22 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-19 09:22 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-19 09:22 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-19 09:22 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-19 09:22 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-19 09:22 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-19 09:22 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-19 09:22 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-19 09:22 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-19 09:22 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-19 09:21 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-19 09:21 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-19 09:21 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-19 09:21 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-19 09:21 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-19 09:21 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-19 09:21 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-19 08:24 - 2013-06-20 09:44 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 16:05 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:05 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:05 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:05 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:05 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:03 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:03 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:03 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:03 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 16:40 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:40 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:40 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:40 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:40 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:40 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:40 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 16:39 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-11 10:27 - 2013-06-11 19:56 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:26 - 2013-06-30 16:26 - 00000224 ____A C:\Windows\setupact.log
2013-07-02 12:26 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:25 - 2012-03-16 12:41 - 01424041 ____A C:\Windows\WindowsUpdate.log
2013-07-02 12:25 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 12:25 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 10:36 - 2011-12-25 10:23 - 00000000 ___RD C:\Users\Ingo\Dropbox
2013-07-02 10:36 - 2011-12-25 10:20 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Dropbox
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-07-02 08:12 - 2012-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 08:12 - 2009-07-14 06:45 - 00371760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 21:07 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras.Txt
2013-06-30 20:58 - 2013-06-30 20:53 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL.Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 20:41 - 2013-06-30 17:38 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 20:41 - 2013-06-20 08:46 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:39 - 2013-06-30 17:38 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 19:10 - 2009-12-02 19:12 - 00703230 ____A C:\Windows\System32\perfh007.dat
2013-06-28 19:10 - 2009-12-02 19:12 - 00150838 ____A C:\Windows\System32\perfc007.dat
2013-06-28 19:10 - 2009-07-14 07:13 - 01629444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 16:41 - 2010-01-13 13:12 - 00000000 ____D C:\Users\Ingo\Documents\Privat
2013-06-28 16:19 - 2013-05-19 18:40 - 00000000 ____D C:\Users\Ingo\Documents\Sticker
2013-06-26 19:01 - 2013-06-26 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 15:54 - 2010-01-12 17:14 - 00000000 ____D C:\Users\Ingo\AppData\Local\Microsoft Help
2013-06-25 12:18 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Kufstein
2013-06-22 12:25 - 2010-03-03 17:36 - 00000000 ____D C:\Windows\Minidump
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:42 - 2013-06-21 08:41 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 09:44 - 2013-06-19 08:24 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:46 - 2010-01-05 18:06 - 00000000 ____D C:\users\Ingo
2013-06-20 08:42 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Daniel
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 17:17 - 2010-01-05 18:07 - 00000000 ____D C:\Users\Ingo\AppData\Local\VirtualStore
2013-06-19 12:18 - 2010-01-14 16:45 - 06620160 ____A C:\Users\Ingo\Documents\backup.pst
2013-06-19 12:17 - 2012-06-10 08:38 - 00000000 ____D C:\Users\Ingo\AppData\Local\8D128975-D491-4DC1-8654-8E2EBCF7F77A.aplzod
2013-06-19 12:09 - 2013-06-19 12:08 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 12:09 - 2012-04-14 17:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-19 09:04 - 2010-01-13 13:15 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-06-18 18:53 - 2009-10-24 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-18 08:17 - 2010-01-14 12:16 - 00002217 ____A C:\Windows\PTH2004G.INI
2013-06-18 08:17 - 2010-01-14 12:16 - 00000190 ____A C:\Windows\LangIDlib.INI
2013-06-18 08:15 - 2012-02-01 19:03 - 00001641 ____A C:\Windows\wininit.ini
2013-06-14 13:05 - 2012-09-11 19:53 - 00000000 ____D C:\Users\Ingo\Documents\Rolf
2013-06-14 11:54 - 2013-05-01 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 19:02 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-06-12 21:48 - 2012-07-11 10:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2010-04-18 08:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 12:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 12:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 19:05 - 2010-01-12 17:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 17:59 - 2012-09-25 08:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:59 - 2011-06-05 08:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:56 - 2013-06-11 10:27 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
2013-06-11 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-11 16:58 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-09 19:16 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Bank
2013-06-08 16:08 - 2013-06-15 16:05 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:05 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:05 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 17:10 - 2013-06-19 09:22 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-06-26 21:19

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2013
Ran by Sysop at 2013-07-02 12:28:54
Running from C:\Users\Sysop.Ingo-PC\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 6.2.2)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1.3)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Advertising Center (x32 Version: 0.0.0.2)
Apple Application Support (x32 Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon MP Navigator EX 2.0 (x32)
Canon Utilities Solution Menu (x32)
CanoScan LiDE 200 Scanner Driver
CCleaner (Version: 4.02)
CDDRV_Installer (Version: 4.60)
CyberLink PowerDVD 8 (x32 Version: 8.0.3402)
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5)
iCloud (Version: 2.0.2.187)
ImagXpress (x32 Version: 7.0.74.0)
IrfanView (remove only) (x32 Version: 4.30)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KhalInstallWrapper (Version: 4.72.40)
Lotus Organizer 6.0 (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4505.1510)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.1.100)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Norton 360 (x32 Version: 6.4.1.14)
NVIDIA Drivers (Version: 1.9)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1510)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1510)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1510)
Packard Bell InfoCentre (x32 Version: 3.02.3000)
Packard Bell Power Management (x32 Version: 4.05.3004)
Packard Bell Recovery Management (x32 Version: 4.05.3006)
Packard Bell Updater (x32 Version: 1.01.3017)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30104)
Samsung ML-2010 Series SmartPanel (x32)
Sudoku (x32)
Synaptics Pointing Device Driver (Version: 14.0.4.0)
TeamViewer 8 (x32 Version: 8.0.16642)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)

==================== Restore Points  =========================

11-06-2013 08:27:23 Windows Live Essentials
11-06-2013 08:28:40 DirectX wurde installiert
11-06-2013 08:29:16 DirectX wurde installiert
11-06-2013 17:48:22 Windows Live Essentials
12-06-2013 17:01:24 Windows Update
15-06-2013 14:04:49 Windows Update
18-06-2013 06:15:39 Removed Video Web Camera
19-06-2013 07:16:08 Windows Update
19-06-2013 07:21:55 Windows Update
19-06-2013 07:23:37 Gerätetreiber-Paketinstallation: EldoS Corporation Systemgeräte
20-06-2013 07:29:12 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {1F823116-4474-408D-8E1E-6E0119CE3648} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {21FD9EA3-189C-4939-A8A3-AE56179A1972} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {4DFC6C65-6C4E-48ED-80DF-CB6E1E0C3D91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {512513A9-3E00-4375-93CC-F83229B6CD07} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {5D2C43F7-0667-4404-8F41-59007339C36D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-06-14] (Microsoft Corporation)
Task: {B6099374-38D5-4FDE-A4EC-D9F77F9B5B93} - System32\Tasks\Games\UpdateCheck_S-1-5-21-551582189-2095768138-3948745554-1000
Task: {B74E9FFF-82B3-4CE1-8F7B-99EDFDE7C380} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {BA64F4FB-CF4C-4232-AD78-35E978656139} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
Task: {C52296EE-CDB9-4D32-9515-066A1E3FC318} - System32\Tasks\{AE1D0868-CD1B-4FEB-81F5-49CF2262FE1F} => C:\Program Files (x86)\CCleaner\CCleaner64.exe [2013-05-24] (Piriform Ltd)
Task: {DEC48389-8EFF-47C6-A2B3-EBA9844EF0D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2013 04:27:02 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/30/2013 04:27:02 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/30/2013 04:27:02 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/30/2013 04:27:01 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/30/2013 04:26:56 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (06/30/2013 04:26:56 PM) (Source: ESENT) (User: )
Description: Windows (2792) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0032D.log.


System errors:
=============
Error: (07/02/2013 00:26:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (07/02/2013 08:12:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (07/01/2013 08:21:33 PM) (Source: SRTSP) (User: )
Description: Error loading virus definitions.

Error: (07/01/2013 08:59:45 AM) (Source: SRTSP) (User: )
Description: Error loading virus definitions.

Error: (06/30/2013 04:44:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (06/30/2013 04:27:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/30/2013 04:27:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (06/30/2013 04:26:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (06/30/2013 10:10:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (06/29/2013 03:20:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (06/10/2012 08:39:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/10/2012 08:39:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/10/2012 08:39:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2010-01-13 19:51:03.052
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 19:45:06.206
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 19:35:18.959
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 19:29:44.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 19:16:42.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 18:37:24.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 18:12:10.192
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 18:04:52.532
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 17:53:52.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-01-13 17:43:35.379
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\T-Home\Dialerschutz-Software\df64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 4093.98 MB
Available physical RAM: 3017.94 MB
Total Pagefile: 8186.14 MB
Available Pagefile: 7145.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:285.99 GB) (Free:203.41 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AFD7E89D)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 02.07.2013, 13:29   #4
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I agree to the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 02.07.2013, 19:12   #5
hsw1to1tbe
 



Hello,

here are the next logs (otherwise nothing unusual):

Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23c40748ef3316429eff001ecafa66f6
# engine=14238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 04:49:42
# local_time=2013-07-02 06:49:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 630231 123446278 0 0
# compatibility_mode=5893 16776574 100 94 70751071 124413632 0 0
# scanned=181026
# found=0
# cleaned=0
# scan_time=7155
         
SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360 Online   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
 Mozilla Thunderbird (17.0.7) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST64:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Sysop (administrator) on 02-07-2013 19:42:42
Running from C:\Users\Sysop.Ingo-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Ingo\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\Sysop\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sysop.Ingo-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.3.96.67 213.33.98.136

FireFox:
========
FF ProfilePath: C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\firefox@ghostery.com
FF Extension: elemhidehelper - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\

==================== Services (Whitelisted) =================

S4 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-02-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:28 - 2013-07-02 12:30 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-06-30 21:06 - 2013-06-30 21:07 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:53 - 2013-06-30 20:58 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:38 - 2013-06-30 20:41 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 17:38 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:38 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-07-02 12:59 - 00000280 ____A C:\Windows\setupact.log
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-26 17:45 - 2013-06-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:41 - 2013-06-21 08:42 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 15:00 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop\AppData\Local\Microsoft Help
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-30 20:41 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 12:09 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 12:09 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 12:08 - 2013-06-19 12:09 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 09:22 - 2013-06-05 17:10 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
2013-06-19 09:22 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-19 09:22 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-19 09:22 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-19 09:22 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-19 09:22 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-19 09:22 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-19 09:22 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-19 09:22 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-19 09:22 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-19 09:22 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-19 09:22 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-19 09:22 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-19 09:22 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-19 09:22 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-19 09:21 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-19 09:21 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-19 09:21 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-19 09:21 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-19 09:21 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-19 09:21 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-19 09:21 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-19 08:24 - 2013-06-20 09:44 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 16:05 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:05 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:05 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:05 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:05 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:03 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:03 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:03 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:03 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 16:40 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:40 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:40 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:40 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:40 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:40 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:40 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 16:39 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-11 10:27 - 2013-06-11 19:56 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 18:35 - 2012-03-16 12:41 - 01436481 ____A C:\Windows\WindowsUpdate.log
2013-07-02 17:48 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\auf Desktop gewesen
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:50 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 13:50 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:59 - 2013-06-30 16:26 - 00000280 ____A C:\Windows\setupact.log
2013-07-02 12:59 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:30 - 2013-07-02 12:28 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 10:36 - 2011-12-25 10:23 - 00000000 ___RD C:\Users\Ingo\Dropbox
2013-07-02 10:36 - 2011-12-25 10:20 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Dropbox
2013-07-02 08:12 - 2013-07-02 08:12 - 00000554 ____A C:\Windows\PFRO.log
2013-07-02 08:12 - 2012-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 08:12 - 2009-07-14 06:45 - 00371760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 21:07 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:58 - 2013-06-30 20:53 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 20:41 - 2013-06-30 17:38 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 20:41 - 2013-06-20 08:46 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:39 - 2013-06-30 17:38 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 19:10 - 2009-12-02 19:12 - 00703230 ____A C:\Windows\System32\perfh007.dat
2013-06-28 19:10 - 2009-12-02 19:12 - 00150838 ____A C:\Windows\System32\perfc007.dat
2013-06-28 19:10 - 2009-07-14 07:13 - 01629444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 16:41 - 2010-01-13 13:12 - 00000000 ____D C:\Users\Ingo\Documents\Privat
2013-06-28 16:19 - 2013-05-19 18:40 - 00000000 ____D C:\Users\Ingo\Documents\Sticker
2013-06-26 19:01 - 2013-06-26 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 15:54 - 2010-01-12 17:14 - 00000000 ____D C:\Users\Ingo\AppData\Local\Microsoft Help
2013-06-25 12:18 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Kufstein
2013-06-22 12:25 - 2010-03-03 17:36 - 00000000 ____D C:\Windows\Minidump
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:42 - 2013-06-21 08:41 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 09:44 - 2013-06-19 08:24 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:46 - 2010-01-05 18:06 - 00000000 ____D C:\users\Ingo
2013-06-20 08:42 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Daniel
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 17:17 - 2010-01-05 18:07 - 00000000 ____D C:\Users\Ingo\AppData\Local\VirtualStore
2013-06-19 12:18 - 2010-01-14 16:45 - 06620160 ____A C:\Users\Ingo\Documents\backup.pst
2013-06-19 12:17 - 2012-06-10 08:38 - 00000000 ____D C:\Users\Ingo\AppData\Local\8D128975-D491-4DC1-8654-8E2EBCF7F77A.aplzod
2013-06-19 12:09 - 2013-06-19 12:08 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 12:09 - 2012-04-14 17:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-19 09:04 - 2010-01-13 13:15 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-06-18 18:53 - 2009-10-24 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-18 08:17 - 2010-01-14 12:16 - 00002217 ____A C:\Windows\PTH2004G.INI
2013-06-18 08:17 - 2010-01-14 12:16 - 00000190 ____A C:\Windows\LangIDlib.INI
2013-06-18 08:15 - 2012-02-01 19:03 - 00001641 ____A C:\Windows\wininit.ini
2013-06-14 13:05 - 2012-09-11 19:53 - 00000000 ____D C:\Users\Ingo\Documents\Rolf
2013-06-14 11:54 - 2013-05-01 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 19:02 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-06-12 21:48 - 2012-07-11 10:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2010-04-18 08:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 12:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 12:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 19:05 - 2010-01-12 17:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 17:59 - 2012-09-25 08:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:59 - 2011-06-05 08:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:56 - 2013-06-11 10:27 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
2013-06-11 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-11 16:58 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-09 19:16 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Bank
2013-06-08 16:08 - 2013-06-15 16:05 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:05 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:05 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 17:10 - 2013-06-19 09:22 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-06-26 21:19

==================== End Of Log ============================
         
--- --- ---


Hello again,

Unfortunately I overlooked that Norton 360 had automatically reactivated itself during the ESET scan. I am running all the scans again and will report back later. In addition, I took another look at the parts of Firefox's about:config that seem suspicious to me: when I opened the thread, search.conduit was still listed under CT2325506.navigationAliasesJson; that entry is now gone, but others have appeared instead...

Excerpt from about:config:
Code:
CT2325506.1000234.weatherData;0000
CT2325506.ENABALE_HISTORY;{"dataType":"string","data":"true"}
CT2325506.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE;{"dataType":"string","data":"true"}
CT2325506.isEnableAllDialogs;{"dataType":"string","data":"true"}
CT2325506.isToolbarShrinked;{"dataType":"string","data":"false"}
CT2325506.isWelcomPage;{"dataType":"boolean","data":"true"}
CT2325506.navigationAliasesJson;{"EB_SEARCH_TERM":"","EB_MAIN_FRAME_URL":"chrome%3A%2F%2Fspeeddial%2Fcontent%2Fspeeddial.xul","EB_MAIN_FRAME_TITLE":"","EB_TOOLBAR_SUB_DOMAIN":"hxxp://wwwFreewaredownloadcom.CommunityToolbars.com/","EB_TOOLBAR_ID":"CT2325506","EB_TOOLBAR_VERSION":"10.13.1.89","EB_ORIGINAL_CTID":"CT2325506","EB_DOWNLOAD_PAGE":"hxxp://wwwFreewaredownloadcom.CommunityToolbars.com/","EB_TOOLBAR_NAME":"www.Freeware-download.com"}
CT2325506.personalApps;{"dataType":"object","data":"[\"WEATHER\"]"}
CT2325506.selectToSearchBoxEnabled;{"dataType":"string","data":"true"}
CT2325506.serviceLayer_service_login_isFirstLoginInvoked;{"dataType":"boolean","data":"true"}
CT2325506.serviceLayer_service_login_loginCount;{"dataType":"number","data":"2"}
CT2325506.serviceLayer_service_toolbarGrouping_activeCTID;{"dataType":"string","data":"CT2325506"}
         
Here is the second run!

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23c40748ef3316429eff001ecafa66f6
# engine=14241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 09:19:53
# local_time=2013-07-02 11:19:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 95 646442 123462489 0 0
# compatibility_mode=5893 16776574 100 94 70767282 124429843 0 0
# scanned=181089
# found=0
# cleaned=0
# scan_time=8620
         
SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360 Online   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
 Mozilla Thunderbird (17.0.7) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST64:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Sysop (administrator) on 03-07-2013 00:28:16
Running from C:\Users\Sysop.Ingo-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
HKU\Ingo\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\Sysop\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x]
Startup: C:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sysop.Ingo-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.3.96.67 213.33.98.136

FireFox:
========
FF ProfilePath: C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\firefox@ghostery.com
FF Extension: elemhidehelper - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kfa8fnwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\

==================== Services (Whitelisted) =================

S4 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
S4 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130629.001\IDSvia64.sys [513184 2013-02-16] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\ENG64.SYS [126040 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130702.002\EX64.SYS [2098776 2013-05-25] (Symantec Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-02-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-09-29] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 00:27 - 2013-07-03 00:27 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 20:25 - 2013-07-02 20:25 - 00001237 ____A C:\Users\Sysop.Ingo-PC\Desktop\CT2325506.txt
2013-07-02 20:13 - 2013-07-02 20:13 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Adobe
2013-07-02 19:43 - 2013-07-02 19:43 - 00042677 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt2).txt
2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup (alt).txt
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:28 - 2013-07-02 12:30 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2013-07-02 19:53 - 00001380 ____A C:\Windows\PFRO.log
2013-06-30 21:06 - 2013-06-30 21:07 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:53 - 2013-06-30 20:58 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-07-02 20:13 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:38 - 2013-06-30 20:41 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 17:38 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:38 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Microsoft Help
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-07-02 19:53 - 00000336 ____A C:\Windows\setupact.log
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-26 17:45 - 2013-06-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:41 - 2013-06-21 08:42 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 15:00 - 2010-01-15 19:11 - 00000000 ____D C:\Users\Sysop\AppData\Local\Microsoft Help
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-30 20:41 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 12:09 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 12:09 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-19 12:09 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-19 12:08 - 2013-06-19 12:09 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 09:22 - 2013-06-05 17:10 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll
2013-06-19 09:22 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-19 09:22 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-19 09:22 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-19 09:22 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-19 09:22 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-19 09:22 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-19 09:22 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-19 09:22 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-19 09:22 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-19 09:22 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-19 09:22 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-19 09:22 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-19 09:22 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-19 09:22 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-19 09:22 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-19 09:22 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-19 09:22 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-19 09:22 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-19 09:22 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-19 09:21 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-19 09:21 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-19 09:21 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-19 09:21 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-19 09:21 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-19 09:21 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-19 09:21 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-19 09:21 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-19 08:24 - 2013-06-20 09:44 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 16:05 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:05 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:05 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:05 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:05 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:05 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:05 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:03 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:03 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:03 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:03 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:03 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:03 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 16:40 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 16:40 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:40 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 16:40 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 16:40 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:40 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:40 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:39 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 16:39 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-06-11 10:29 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-06-11 10:28 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-06-11 10:27 - 2013-06-11 19:56 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2013-07-03 00:27 - 2013-07-03 00:27 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup.txt
2013-07-02 23:23 - 2012-03-16 12:41 - 01444889 ____A C:\Windows\WindowsUpdate.log
2013-07-02 20:25 - 2013-07-02 20:25 - 00001237 ____A C:\Users\Sysop.Ingo-PC\Desktop\CT2325506.txt
2013-07-02 20:17 - 2011-12-25 10:23 - 00000000 ___RD C:\Users\Ingo\Dropbox
2013-07-02 20:17 - 2011-12-25 10:20 - 00000000 ____D C:\Users\Ingo\AppData\Roaming\Dropbox
2013-07-02 20:13 - 2013-07-02 20:13 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Adobe
2013-07-02 20:13 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Adobe
2013-07-02 20:00 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 20:00 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 19:53 - 2013-07-02 08:12 - 00001380 ____A C:\Windows\PFRO.log
2013-07-02 19:53 - 2013-06-30 16:26 - 00000336 ____A C:\Windows\setupact.log
2013-07-02 19:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 19:43 - 2013-07-02 19:43 - 00042677 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt2).txt
2013-07-02 19:41 - 2013-07-02 19:41 - 00000841 ____A C:\Users\Sysop.Ingo-PC\Desktop\checkup (alt).txt
2013-07-02 17:48 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\auf Desktop gewesen
2013-07-02 16:44 - 2013-07-02 16:44 - 00890988 ____A C:\Users\Sysop.Ingo-PC\Desktop\SecurityCheck.exe
2013-07-02 16:43 - 2013-07-02 16:43 - 02347384 ____A (ESET) C:\Users\Sysop.Ingo-PC\Desktop\esetsmartinstaller_enu.exe
2013-07-02 13:01 - 2013-07-02 13:01 - 00041723 ____A C:\Users\Sysop.Ingo-PC\Desktop\FRST (alt).txt
2013-07-02 12:58 - 2013-07-02 12:58 - 00000794 ____A C:\AdwCleaner[S2].txt
2013-07-02 12:30 - 2013-07-02 12:28 - 00019121 ____A C:\Users\Sysop.Ingo-PC\Desktop\Addition (alt).txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000735 ____A C:\Users\Sysop.Ingo-PC\Desktop\AdwCleaner[S1].txt
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:25 - 2013-07-02 12:25 - 00000735 ____A C:\AdwCleaner[S1].txt
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:22 - 2013-07-02 12:22 - 00093808 ____A C:\Users\Sysop.Ingo-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-07-02 08:12 - 2012-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 08:12 - 2009-07-14 06:45 - 00371760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 21:07 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Mozilla
2013-06-30 21:06 - 2013-06-30 21:06 - 00012193 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer.log
2013-06-30 21:06 - 2013-06-30 21:06 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\Mozilla
2013-06-30 20:58 - 2013-06-30 20:58 - 00059996 ____A C:\Users\Sysop.Ingo-PC\Desktop\Extras (alt).Txt
2013-06-30 20:58 - 2013-06-30 20:53 - 00076804 ____A C:\Users\Sysop.Ingo-PC\Desktop\OTL (alt).Txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____A C:\Users\Sysop.Ingo-PC\defogger_reenable
2013-06-30 20:41 - 2013-06-30 17:38 - 00000000 ____D C:\users\Sysop.Ingo-PC
2013-06-30 20:41 - 2013-06-20 08:46 - 00000472 ____A C:\Users\Sysop.Ingo-PC\Desktop\defogger_disable.log
2013-06-30 17:44 - 2013-06-30 17:44 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Macromedia
2013-06-30 17:39 - 2013-06-30 17:39 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Roaming\Apple Computer
2013-06-30 17:39 - 2013-06-30 17:38 - 00000000 ____D C:\Users\Sysop.Ingo-PC\AppData\Local\VirtualStore
2013-06-30 17:38 - 2013-06-30 17:38 - 00000020 ___SH C:\Users\Sysop.Ingo-PC\ntuser.ini
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Vorlagen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Startmenü
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Netzwerkumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Lokale Einstellungen
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Eigene Dateien
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Druckumgebung
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Musik
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Documents\Eigene Bilder
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Verlauf
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\AppData\Local\Anwendungsdaten
2013-06-30 17:38 - 2013-06-30 17:38 - 00000000 __SHD C:\Users\Sysop.Ingo-PC\Anwendungsdaten
2013-06-30 17:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 16:26 - 2013-06-30 16:26 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 19:10 - 2009-12-02 19:12 - 00703230 ____A C:\Windows\System32\perfh007.dat
2013-06-28 19:10 - 2009-12-02 19:12 - 00150838 ____A C:\Windows\System32\perfc007.dat
2013-06-28 19:10 - 2009-07-14 07:13 - 01629444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 16:41 - 2010-01-13 13:12 - 00000000 ____D C:\Users\Ingo\Documents\Privat
2013-06-28 16:19 - 2013-05-19 18:40 - 00000000 ____D C:\Users\Ingo\Documents\Sticker
2013-06-26 19:01 - 2013-06-26 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 15:54 - 2010-01-12 17:14 - 00000000 ____D C:\Users\Ingo\AppData\Local\Microsoft Help
2013-06-25 12:18 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Kufstein
2013-06-22 12:25 - 2010-03-03 17:36 - 00000000 ____D C:\Windows\Minidump
2013-06-21 08:51 - 2013-06-21 08:51 - 00002363 ____A C:\Users\Sysop.Ingo-PC\Documents\gmer.log
2013-06-21 08:42 - 2013-06-21 08:41 - 00088664 ____A C:\Users\Sysop.Ingo-PC\Documents\OTL.Txt
2013-06-20 15:00 - 2013-06-20 15:00 - 00000020 __ASH C:\Users\Sysop\ntuser.ini
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Vorlagen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Startmenü
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Netzwerkumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Lokale Einstellungen
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Eigene Dateien
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Druckumgebung
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Musik
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Documents\Eigene Bilder
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Verlauf
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\AppData\Local\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 __SHD C:\Users\Sysop\Anwendungsdaten
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____D C:\users\Sysop
2013-06-20 15:00 - 2013-06-20 15:00 - 00000000 ____A C:\Users\Sysop\defogger_reenable
2013-06-20 09:44 - 2013-06-19 08:24 - 01603724 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-20 08:55 - 2013-06-20 08:55 - 00054294 ____A C:\Users\Sysop.Ingo-PC\Documents\Extras.Txt
2013-06-20 08:46 - 2013-06-20 08:46 - 00000000 ____A C:\Users\Ingo\defogger_reenable
2013-06-20 08:46 - 2010-01-05 18:06 - 00000000 ____D C:\users\Ingo
2013-06-20 08:42 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Daniel
2013-06-20 08:37 - 2013-06-20 08:37 - 00602112 ____A (OldTimer Tools) C:\Users\Sysop.Ingo-PC\Desktop\OTL.exe
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00050477 ____A C:\Users\Sysop.Ingo-PC\Desktop\Defogger.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
2013-06-19 17:17 - 2010-01-05 18:07 - 00000000 ____D C:\Users\Ingo\AppData\Local\VirtualStore
2013-06-19 12:18 - 2010-01-14 16:45 - 06620160 ____A C:\Users\Ingo\Documents\backup.pst
2013-06-19 12:17 - 2012-06-10 08:38 - 00000000 ____D C:\Users\Ingo\AppData\Local\8D128975-D491-4DC1-8654-8E2EBCF7F77A.aplzod
2013-06-19 12:09 - 2013-06-19 12:08 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 12:09 - 2012-04-14 17:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 09:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-19 09:04 - 2010-01-13 13:15 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-06-18 18:53 - 2009-10-24 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-18 08:17 - 2010-01-14 12:16 - 00002217 ____A C:\Windows\PTH2004G.INI
2013-06-18 08:17 - 2010-01-14 12:16 - 00000190 ____A C:\Windows\LangIDlib.INI
2013-06-18 08:15 - 2012-02-01 19:03 - 00001641 ____A C:\Windows\wininit.ini
2013-06-14 13:05 - 2012-09-11 19:53 - 00000000 ____D C:\Users\Ingo\Documents\Rolf
2013-06-14 11:54 - 2013-05-01 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 19:02 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-06-12 21:48 - 2012-07-11 10:20 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2010-04-18 08:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-19 12:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-19 12:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-19 12:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 19:05 - 2010-01-12 17:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:59 - 2013-06-12 17:59 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 17:59 - 2012-09-25 08:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:59 - 2011-06-05 08:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 19:56 - 2013-06-11 10:27 - 00000000 ____D C:\Users\Ingo\AppData\Local\Windows Live
2013-06-11 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-11 16:58 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-09 19:16 - 2010-01-13 13:11 - 00000000 ____D C:\Users\Ingo\Documents\Bank
2013-06-08 16:08 - 2013-06-15 16:05 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:05 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:05 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:05 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:05 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 16:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 17:10 - 2013-06-19 09:22 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-06-26 21:19

==================== End Of Log ============================
         

03.07.2013, 07:17   #6
schrauber
/// the machine
/// TB trainer

Update Adobe. Uninstall Firefox, keeping no data except possibly bookmarks, and reinstall it.

Any problems left?

03.07.2013, 08:53   #7
hsw1to1tbe

Hello,

Updates/uninstallation/installation done; everything seems to be fine!

Can the tools be deleted now?

03.07.2013, 09:43   #8
schrauber
/// the machine
/// TB trainer

We'll do that now

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    A tutorial on how to use it can be found here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
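
Step 4 of the cleanup in the post above leaves any remaining tools to be deleted by hand. As an added example (not part of the original posts and not code from FRST or DelFix), the following Python code parses file-list lines in the format of the FRST log posted earlier in this thread and picks out the entries that belong to the cleanup tools, so they can be checked after DelFix has run. The function names, the name-prefix list and the neutral field names `first`/`second` for the two timestamps are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import os
import re
from datetime import datetime
from ntpath import basename  # parses Windows paths on any OS

# One file-list line as it appears in the FRST log in this thread:
#   <timestamp> - <timestamp> - <size> <attributes> [(<company>)] <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)

# Name prefixes of the tools named in this thread (assumption: a leftover is
# recognisable by its file or folder name alone).
TOOL_RE = re.compile(
    r"^(frst|adwcleaner|otl|gmer|defogger|securitycheck|esetsmartinstaller"
    r"|combofix|delfix)", re.IGNORECASE)

# Sample lines copied from the FRST log in this thread.
SAMPLE = r"""
2013-07-02 12:27 - 2013-07-02 12:27 - 00000000 ____D C:\FRST
2013-07-02 12:22 - 2013-07-02 12:22 - 01933556 ____A (Farbar) C:\Users\Sysop.Ingo-PC\Desktop\FRST64.exe
2013-07-02 12:21 - 2013-07-02 12:21 - 00648201 ____A C:\Users\Sysop.Ingo-PC\Desktop\adwcleaner.exe
2013-06-30 16:50 - 2013-06-30 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-20 08:28 - 2013-06-20 08:28 - 00377856 ____A C:\Users\Sysop.Ingo-PC\Desktop\gmer_2.1.19163.exe
2013-06-19 21:19 - 2013-06-19 21:19 - 00051496 ____A (Windows (R) Win 7 DDK provider) C:\Windows\System32\Drivers\stflt.sys
==================== End Of Log ============================
""".strip().splitlines()


def parse_line(line):
    """Return one log entry as a dict, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    first, second, size, attrs, company, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return {
        "first": datetime.strptime(first, fmt),
        "second": datetime.strptime(second, fmt),
        "size": int(size),
        "is_dir": "D" in attrs,
        "company": company,  # None when the log shows no company field
        "path": path,
        "name": basename(path),
    }


def find_tool_leftovers(lines):
    """Entries whose file or folder name starts with a cleanup-tool name."""
    entries = filter(None, map(parse_line, lines))
    return [e for e in entries if TOOL_RE.match(e["name"])]


def still_present(entries, exists=os.path.exists):
    """Paths from the log that exist on this machine (run after DelFix)."""
    return [e["path"] for e in entries if exists(e["path"])]


if __name__ == "__main__":
    for path in still_present(find_tool_leftovers(SAMPLE)):
        print("left over:", path)
```

Run on the cleaned machine with the full log saved to a file, it prints only the tool files and folders that DelFix did not remove.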

03.07.2013, 10:59   #9
hsw1to1tbe

Everything worked. Many thanks for the help and the tips!

03.07.2013, 12:27   #10
schrauber
/// the machine
/// TB trainer

You're welcome
__________________
Regards,
schrauber
