Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Suisa Virus blockiert meinen Windows 7 Rechner in jedem Modus meines Laptops (https://www.trojaner-board.de/113696-suisa-virus-blockiert-meinen-windows-7-rechner-modus-meines-laptops.html)

Huskeychi 15.04.2012 21:06
Suisa Virus blockiert meinen Windows 7 Rechner in jedem Modus meines Laptops
 
Ich war gerade im Internet am surfen als plötzlich mein Bildschirm weiss wurde und eine Info erschien dass ich 75CHF zahlen muss weil ich Illegale Musikdownloads auf dem Rechner habe. Nach recherche in google hies es dass es sich um einen Virus/Trojaner handlet. Ich bekomme diese seite nicht mehr weg auch in abgesicherten Modus nicht. Was soll ich nun tun?

Psychotic 16.04.2012 07:51
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  • Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren) - wenn du die anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  • Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  • Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.


Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Welche Windowsversion läuft auf dem Rechner? (auch mitteilen, ob 32 oder 64bit!)

Huskeychi 16.04.2012 09:17
Hallo Marius

Vielen Dank schon mal im voraus für deine Bereitshcaft mir zu helfen.

Ich habe eine Windows 7 (64Bit) Version. Mit dem 64Bit bin ich mir nicht 100%sicher da mein Laptop von Vista auf Win7 updated wurde und ich dies nicht selber durchgeführt habe.

Ich hoffe dass dir diese Angaben erstmals reichen.

Psychotic 16.04.2012 09:27
FRST64


Downloade dir bitte Farbar's Recovery Scan Tool x64 und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein. e:\frst64.exe Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Huskeychi 17.04.2012 10:19
Hallo
Also ich habe den PC im Reparaturmodus gestartet und das lief auch durch. Ich kann jetzt den PC wider starten. Wenn ich aber versuche den Farbar's Recovery Scan Tool x64 zu starten bekomme ich eine Fehlermeldung:

C:\Users\David>f:\frst64.exe
Die Version von f:\FRST64.exe ist nicht mit der ausgeführten Windows-Version kom
patibel. Öffnen Sie die Systeminformationen des Computers, um zu überprüfen, ob
eine x86-(32 Bit)- oder eine x64-(64 Bit)-Version des Programms erforderlich ist
, und wenden Sie sich anschließend an den Herausgeber der Software.

Hier mal meine system informationen
Betriebsystemname Microsoft Windows 7 Professional
Version 6.1.7600 Build 7600
Weitere Betriebsystembeschreibung Nicht verfügbar
Betriebsystemhersteller Microsoft Corporation
Systemname DAVID-PC
Systemhersteller Hewlett-Packard
Systemmodell HP Pavilion dv6700 Notebook PC
Systemtyp X86-basierter PC
Prozessor Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz, 2401 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)
BIOS-Version/-Datum Hewlett-Packard F.33, 12.11.2007
SMBIOS-Version 2.4
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Schweiz
Hardwareabstraktionsebene Version = "6.1.7600.16385"
Benutzername David-PC\David
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 4.00 GB
Gesamter realer Speicher 3.00 GB
Verfügbarer realer Speicher 2.01 GB
Gesamter virtueller Speicher 6.00 GB
Verfügbarer virtueller Speicher 4.85 GB
Größe der Auslagerungsdatei 3.00 GB
Auslagerungsdatei C:\pagefile.sys

Psychotic 17.04.2012 10:43
OK - dann so: :D

FRST (32bit)


Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein. e:\frst.exe Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Huskeychi 18.04.2012 09:44
Hallo

Gibt es auch ne möglichkeit das ganze ohne Windows CD/DVD durchzuführen. Die CD hab ich meiner Freundin ausgeliehen und das geht zwei Wochen bis ich die wider hier hab.

Psychotic 18.04.2012 11:57
Ja, über den Boot Manager:


Zitat:
Zitat von PsYcHoTiC (Beitrag 815430)

FRST (32bit)


Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Psychotic 20.04.2012 10:39
Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Huskeychi 22.04.2012 17:19
Hallo

Ja ich werde jetzt dann gleichd as Log posten war die letzten Tage geschäftlich unterwegs, sorry.

Hier das Log:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 16-04-2012
Ran by David at 22-04-2012 18:47:12
Running from F:\
(X86) OS Language: German Standard
Attention: Could not load system hive.FEHLER: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Attention: The tool is not run from recovery environment and will not function properly.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-22 18:46 - 2011-08-21 19:31 - 0000000 ____D C:\Users\David\AppData\Local\{0A70500B-8C44-466C-A6E5-29014A6610E3}
2012-04-22 18:46 - 2011-05-29 18:53 - 0000000 ____D C:\Users\David\AppData\Local\{75580811-E74C-4082-B102-98CB6F457A9C}
2012-04-22 18:34 - 2011-10-07 15:26 - 0000000 ____D C:\Users\David\AppData\Local\{8EB94645-DE0E-4463-94F5-443919F18E11}
2012-04-22 18:34 - 2011-09-07 18:37 - 0000000 ____D C:\Users\David\AppData\Local\{356CE8D9-4112-4097-AAF2-765ADDD5EA9B}
2012-04-18 16:45 - 2011-09-11 18:53 - 0031744 ____A C:\Users\David\Desktop\Löschdienst_summary.doc
2012-04-18 15:50 - 2012-04-18 15:36 - 0066048 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Loeschdienst_Druckl_.xls
2012-04-18 15:46 - 2012-04-18 15:36 - 0084480 ____A C:\Users\David\Desktop\TLF_übersicht.ppt
2012-04-18 15:01 - 2011-09-22 19:42 - 0047616 ____A C:\Users\David\Desktop\TLF_Einsatz_summary.doc
2012-04-18 10:53 - 2012-02-09 23:42 - 0060928 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Einsatz_TLF.xls
2012-04-17 14:28 - 2012-02-27 20:30 - 0000000 ____D C:\Users\David\AppData\Local\{AE6F1A14-B387-42A5-9BE2-B363942ADF31}
2012-04-17 14:28 - 2011-09-01 17:50 - 0000000 ____D C:\Users\David\AppData\Local\{5C6E33D0-2969-423C-AE54-8CD930F9D738}
2012-04-17 14:11 - 2012-01-02 21:25 - 0000000 ____D C:\Users\David\AppData\Local\{0B5E58C9-5824-4864-A6B9-53BCE7ED6F7E}
2012-04-17 14:11 - 2011-11-18 00:20 - 0000000 ____D C:\Users\David\AppData\Local\{018C9489-7539-4670-AC85-DF146FFD71DF}
2012-04-17 11:50 - 2012-04-16 06:24 - 0000000 ____D C:\FRST
2012-04-16 03:28 - 2010-11-23 20:06 - 0058782 ____A C:\OTL.Txt
2012-04-16 03:28 - 2010-10-17 21:26 - 0019538 ____A C:\Extras.Txt
2012-04-15 19:22 - 2012-04-15 19:22 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{88a6a1c9-57bd-11e0-af24-001e3777819a}.TxR.blf
2012-04-09 18:56 - 2011-08-31 15:34 - 0000000 ____D C:\Users\David\AppData\Local\{2334A902-3CBD-4FFB-88A5-1BA3953D4778}
2012-04-09 18:56 - 2011-06-17 22:28 - 0000000 ____D C:\Users\David\AppData\Local\{000D2179-8D69-4DD7-BFB9-973877490E25}
2012-04-09 18:15 - 2012-04-04 22:03 - 0000000 ____D C:\Users\David\AppData\Local\{EDE744F5-A7FF-439D-A315-C8E88E1EDD4F}
2012-04-09 18:15 - 2011-08-16 22:27 - 0000000 ____D C:\Users\David\AppData\Local\{DE16C105-7869-49D1-9242-FE6602AE2914}
2012-04-04 22:02 - 2012-03-01 08:19 - 0000000 ____D C:\Users\David\AppData\Local\{E6C1F8E9-6C64-4F63-9877-BCF8F0F14338}
2012-04-03 18:52 - 2012-01-11 20:45 - 0000000 ____D C:\Users\David\AppData\Local\{F5EE9A91-B0EF-4686-B9F3-47CBEA6D74C7}
2012-04-03 18:52 - 2011-11-20 21:27 - 0000000 ____D C:\Users\David\AppData\Local\{387FD345-4B38-4A24-9A04-054264FFA7F0}
2012-04-02 19:35 - 2012-04-02 19:36 - 0000000 ____D C:\Users\David\AppData\Local\{3E858585-37B1-4A13-B89E-20407A7CB151}
2012-04-02 19:35 - 2011-08-20 09:01 - 0000000 ____D C:\Users\David\AppData\Local\{3E32F5DD-FB69-457E-A624-2F123CB7A8D9}
2012-04-01 18:52 - 2011-10-22 10:30 - 0000000 ____D C:\Users\David\AppData\Local\{901E1C5F-D0DD-4C2B-A668-C00B7C9C67B6}
2012-04-01 18:51 - 2011-10-15 11:33 - 0000000 ____D C:\Users\David\AppData\Local\{5567838F-7506-43E0-B61B-8EDF976DD6F1}
2012-04-01 18:47 - 2012-04-22 18:42 - 0000000 ____D C:\Program Files\iPod
2012-04-01 18:47 - 2012-04-01 18:47 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 18:47 - 2011-11-22 20:19 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk

============ 3 Months Modified Files and Folders ===============

2012-04-22 18:47 - 2012-04-22 18:46 - 0000000 ____D C:\Users\David\AppData\Local\{0A70500B-8C44-466C-A6E5-29014A6610E3}
2012-04-22 18:47 - 2012-04-17 11:50 - 0000000 ____D C:\FRST
2012-04-22 18:46 - 2012-04-22 18:46 - 0000000 ____D C:\Users\David\AppData\Local\{75580811-E74C-4082-B102-98CB6F457A9C}
2012-04-22 18:46 - 2009-07-14 06:39 - 0030023 ____A C:\Windows\setupact.log
2012-04-22 18:45 - 2011-01-16 21:31 - 0000000 ____D C:\Users\David\AppData\Roaming\Skype
2012-04-22 18:45 - 2010-11-16 22:58 - 0001092 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-22 18:44 - 2010-10-17 21:26 - 0000000 ____D C:\users\David
2012-04-22 18:44 - 2010-10-17 21:18 - 2414682112 __ASH C:\hiberfil.sys
2012-04-22 18:44 - 2009-07-14 06:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 18:44 - 2009-07-14 04:37 - 0000000 ____D C:\Windows\System32\wfp
2012-04-22 18:44 - 2009-07-14 04:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-22 18:42 - 2010-10-17 21:45 - 0000000 ____D C:\Windows\System32\Drivers\N360
2012-04-22 18:42 - 2010-10-17 21:39 - 0000000 ____D C:\Users\All Users\Norton
2012-04-22 18:42 - 2010-10-17 21:39 - 0000000 ____D C:\ProgramData\Norton
2012-04-22 18:42 - 2009-07-14 04:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-22 18:41 - 2009-07-14 04:37 - 0000000 ____D C:\Windows\registration
2012-04-22 18:41 - 2009-07-14 04:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-04-22 18:39 - 2010-11-23 20:04 - 0000000 ____D C:\Users\All Users\MySQL
2012-04-22 18:39 - 2010-11-23 20:04 - 0000000 ____D C:\ProgramData\MySQL
2012-04-22 18:38 - 2009-07-14 06:34 - 0014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-22 18:38 - 2009-07-14 06:34 - 0014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-22 18:34 - 2012-04-22 18:34 - 0000000 ____D C:\Users\David\AppData\Local\{8EB94645-DE0E-4463-94F5-443919F18E11}
2012-04-22 18:34 - 2012-04-22 18:34 - 0000000 ____D C:\Users\David\AppData\Local\{356CE8D9-4112-4097-AAF2-765ADDD5EA9B}
2012-04-18 17:00 - 2012-04-18 16:45 - 0031744 ____A C:\Users\David\Desktop\Löschdienst_summary.doc
2012-04-18 16:41 - 2012-04-18 15:50 - 0066048 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Loeschdienst_Druckl_.xls
2012-04-18 15:47 - 2012-04-18 15:46 - 0084480 ____A C:\Users\David\Desktop\TLF_übersicht.ppt
2012-04-18 15:36 - 2012-04-18 15:01 - 0047616 ____A C:\Users\David\Desktop\TLF_Einsatz_summary.doc
2012-04-18 15:36 - 2012-04-18 10:53 - 0060928 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Einsatz_TLF.xls
2012-04-17 14:28 - 2012-04-17 14:28 - 0000000 ____D C:\Users\David\AppData\Local\{AE6F1A14-B387-42A5-9BE2-B363942ADF31}
2012-04-17 14:28 - 2012-04-17 14:28 - 0000000 ____D C:\Users\David\AppData\Local\{5C6E33D0-2969-423C-AE54-8CD930F9D738}
2012-04-17 14:11 - 2012-04-17 14:11 - 0000000 ____D C:\Users\David\AppData\Local\{0B5E58C9-5824-4864-A6B9-53BCE7ED6F7E}
2012-04-17 14:11 - 2012-04-17 14:11 - 0000000 ____D C:\Users\David\AppData\Local\{018C9489-7539-4670-AC85-DF146FFD71DF}
2012-04-16 06:24 - 2012-04-16 03:28 - 0058782 ____A C:\OTL.Txt
2012-04-16 06:24 - 2012-04-16 03:28 - 0019538 ____A C:\Extras.Txt
2012-04-15 19:22 - 2012-04-15 19:22 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{88a6a1c9-57bd-11e0-af24-001e3777819a}.TxR.blf
2012-04-09 18:56 - 2012-04-09 18:56 - 0000000 ____D C:\Users\David\AppData\Local\{2334A902-3CBD-4FFB-88A5-1BA3953D4778}
2012-04-09 18:56 - 2012-04-09 18:56 - 0000000 ____D C:\Users\David\AppData\Local\{000D2179-8D69-4DD7-BFB9-973877490E25}
2012-04-09 18:16 - 2012-04-09 18:15 - 0000000 ____D C:\Users\David\AppData\Local\{DE16C105-7869-49D1-9242-FE6602AE2914}
2012-04-09 18:15 - 2012-04-09 18:15 - 0000000 ____D C:\Users\David\AppData\Local\{EDE744F5-A7FF-439D-A315-C8E88E1EDD4F}
2012-04-05 19:59 - 2012-02-27 19:45 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2012-04-05 19:59 - 2012-02-27 19:45 - 0000000 ____D C:\ProgramData\CanonIJPLM
2012-04-04 22:03 - 2012-04-04 22:02 - 0000000 ____D C:\Users\David\AppData\Local\{E6C1F8E9-6C64-4F63-9877-BCF8F0F14338}
2012-04-04 22:03 - 2010-11-16 22:58 - 0001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-04 22:02 - 2010-10-17 21:21 - 1118539 ____A C:\Windows\WindowsUpdate.log
2012-04-03 18:52 - 2012-04-03 18:52 - 0000000 ____D C:\Users\David\AppData\Local\{F5EE9A91-B0EF-4686-B9F3-47CBEA6D74C7}
2012-04-03 18:52 - 2012-04-03 18:52 - 0000000 ____D C:\Users\David\AppData\Local\{387FD345-4B38-4A24-9A04-054264FFA7F0}
2012-04-02 19:36 - 2012-04-02 19:35 - 0000000 ____D C:\Users\David\AppData\Local\{3E32F5DD-FB69-457E-A624-2F123CB7A8D9}
2012-04-02 19:35 - 2012-04-02 19:35 - 0000000 ____D C:\Users\David\AppData\Local\{3E858585-37B1-4A13-B89E-20407A7CB151}
2012-04-01 18:54 - 2010-10-17 21:31 - 1498506 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-01 18:52 - 2012-04-01 18:52 - 0000000 ____D C:\Users\David\AppData\Local\{901E1C5F-D0DD-4C2B-A668-C00B7C9C67B6}
2012-04-01 18:51 - 2012-04-01 18:51 - 0000000 ____D C:\Users\David\AppData\Local\{5567838F-7506-43E0-B61B-8EDF976DD6F1}
2012-04-01 18:51 - 2010-10-17 22:13 - 0000000 ____D C:\Users\David\AppData\Roaming\Apple Computer
2012-04-01 18:47 - 2012-04-01 18:47 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 18:47 - 2012-04-01 18:47 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 18:47 - 2012-04-01 18:47 - 0000000 ____D C:\Program Files\iPod
2012-04-01 18:47 - 2010-10-17 22:11 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-21 23:40 - 2012-03-21 23:40 - 0000000 ____D C:\Users\David\AppData\Local\{98FAB908-9C9F-454E-A0C9-4123F9EF0C36}
2012-03-21 23:40 - 2012-03-21 23:40 - 0000000 ____D C:\Users\David\AppData\Local\{7157B293-6B76-49F9-A3FA-45E3C335658C}
2012-03-21 23:38 - 2009-07-14 06:33 - 0411440 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-21 23:37 - 2010-10-17 21:47 - 0035272 ____A C:\Windows\PFRO.log
2012-03-18 19:20 - 2012-03-18 19:20 - 0020111 ____A C:\Users\David\Desktop\BFTV Bild.png
2012-03-15 21:30 - 2012-03-15 21:30 - 0016896 ____A C:\Users\David\Desktop\Ferien BK.xls
2012-03-15 21:09 - 2009-07-14 04:04 - 0000499 ____A C:\Windows\win.ini
2012-03-12 23:40 - 2012-03-12 23:40 - 0000000 ____D C:\Users\David\AppData\Local\{3103B713-3633-4AB6-A301-C681BCD74556}
2012-03-12 23:40 - 2012-03-12 23:39 - 0000000 ____D C:\Users\David\AppData\Local\{DA59A69E-0B75-4F7F-B595-EA85EE63DBDD}
2012-03-12 20:04 - 2012-03-12 20:04 - 0000000 ____D C:\Users\David\AppData\Local\{45455288-F40B-4EB8-B98D-1EE7CC9B20AC}
2012-03-12 20:04 - 2012-03-12 20:03 - 0000000 ____D C:\Users\David\AppData\Local\{3654259C-2062-4A2F-84FD-4BD65EBB3AE2}
2012-03-12 19:57 - 2009-07-14 04:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-11 20:22 - 2012-03-11 20:19 - 0004638 ____A C:\Windows\IE9_main.log
2012-03-11 20:21 - 2012-03-11 20:21 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-11 20:21 - 2012-03-11 20:21 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-11 20:21 - 2012-03-11 20:21 - 1798656 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-11 20:21 - 2012-03-11 20:21 - 12282368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-11 20:21 - 2012-03-11 20:21 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-11 20:21 - 2012-03-11 20:21 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-11 20:21 - 2012-03-11 20:21 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-11 20:21 - 2012-03-11 20:21 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-11 20:21 - 2012-03-11 20:21 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-11 20:21 - 2012-03-11 20:21 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-11 20:21 - 2012-03-11 20:21 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-11 20:21 - 2012-03-11 20:21 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-11 20:21 - 2012-03-11 20:21 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-11 20:21 - 2012-03-11 20:21 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-11 20:21 - 2012-03-11 20:21 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-11 20:16 - 2012-03-11 20:16 - 0000000 ____D C:\Users\David\AppData\Local\{B277AD36-4091-4267-BB62-D3A3938991A5}
2012-03-11 20:16 - 2012-03-11 20:16 - 0000000 ____D C:\Users\David\AppData\Local\{67DEEC2F-697A-4DF5-8A58-5972D3AC8C36}
2012-03-04 14:34 - 2012-03-04 12:55 - 0029184 ____A C:\Users\David\Desktop\Lebenslauf_new.doc
2012-03-04 14:33 - 2012-03-04 13:47 - 3247104 ____A C:\Users\David\Desktop\Bewerbung Deckblatt.ppt
2012-03-04 12:39 - 2012-03-04 12:39 - 0034816 ____A C:\Users\David\Desktop\Lebenslauf für Stellenbewerbung.doc
2012-03-03 21:31 - 2012-03-03 19:01 - 0027648 ____A C:\Users\David\Desktop\Bewerbung.doc
2012-03-01 08:20 - 2012-03-01 08:20 - 0000000 ____D C:\Users\David\AppData\Local\{5680FBC4-027C-4F66-BEEF-7DC854273244}
2012-03-01 08:19 - 2012-03-01 08:19 - 0000000 ____D C:\Users\David\AppData\Local\{E67A1408-01B9-481F-AD60-0307030544ED}
2012-02-27 20:30 - 2012-02-27 20:30 - 0000000 ____D C:\Users\David\AppData\Local\{ADE0BEF9-57A7-4E7A-956D-CFDAD5D295C1}
2012-02-27 20:30 - 2012-02-27 20:30 - 0000000 ____D C:\Users\David\AppData\Local\{5A04F38F-4864-4DD8-A1E8-E26786F380E0}
2012-02-27 19:47 - 2012-02-27 19:47 - 0000000 ___HD C:\Users\All Users\CanonIJMyPrinter
2012-02-27 19:47 - 2012-02-27 19:47 - 0000000 ___HD C:\ProgramData\CanonIJMyPrinter
2012-02-27 19:47 - 2011-10-09 19:31 - 0000000 ____D C:\Program Files\Canon
2012-02-27 19:45 - 2012-02-27 19:45 - 0000000 ___HD C:\Users\All Users\CanonIJFAX
2012-02-27 19:45 - 2012-02-27 19:45 - 0000000 ___HD C:\ProgramData\CanonIJFAX
2012-02-27 19:45 - 2012-02-27 19:45 - 0000000 ____D C:\Users\All Users\Canon IJ Network Tool
2012-02-27 19:45 - 2012-02-27 19:45 - 0000000 ____D C:\ProgramData\Canon IJ Network Tool
2012-02-27 19:45 - 2009-07-14 06:52 - 0000000 ____D C:\Windows\twain_32
2012-02-27 19:45 - 2009-07-14 04:37 - 0000000 __RSD C:\Windows\Media
2012-02-27 19:43 - 2012-02-27 19:43 - 0000000 ____D C:\Users\All Users\CanonIJWSpt
2012-02-27 19:43 - 2012-02-27 19:43 - 0000000 ____D C:\ProgramData\CanonIJWSpt
2012-02-27 19:40 - 2012-02-27 19:40 - 0000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-02-27 19:39 - 2012-02-27 19:39 - 0000000 ___HD C:\Program Files\CanonBJ
2012-02-27 19:39 - 2012-02-27 19:39 - 0000000 ____D C:\Windows\System32\STRING
2012-02-19 21:59 - 2011-12-06 20:55 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-02-19 21:58 - 2012-02-19 21:58 - 0000000 ____D C:\Users\David\AppData\Local\{8FB367EC-FD00-4DF6-842D-51FAC52AD592}
2012-02-19 21:57 - 2012-02-19 21:57 - 0000000 ____D C:\Users\David\AppData\Local\{853A0345-6631-4E86-94B5-6289CC0F830D}
2012-02-19 21:55 - 2010-10-17 21:26 - 0000174 ___SH C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-19 21:54 - 2010-10-17 21:45 - 0002322 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-02-19 21:53 - 2010-10-17 21:57 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-19 21:50 - 2012-02-19 21:39 - 0007597 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
2012-02-19 21:46 - 2011-06-17 23:21 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-02-19 21:44 - 2012-02-19 21:44 - 0000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2012-02-15 11:01 - 2012-02-15 11:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 11:01 - 2012-02-15 11:01 - 0043520 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys
2012-02-15 07:44 - 2012-03-13 23:51 - 0826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-15 06:22 - 2012-03-13 23:51 - 0177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-15 06:22 - 2012-03-13 23:51 - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 01:41 - 2012-02-15 01:40 - 0000000 ____D C:\Users\David\AppData\Local\{2CC84989-B0F1-4FEF-88D4-3DD5B893C7FE}
2012-02-15 01:40 - 2012-02-15 01:40 - 0000000 ____D C:\Users\David\AppData\Local\{3ACF1AAA-29AE-4EB2-9DBA-FD144ADDBB96}
2012-02-10 07:41 - 2012-03-14 19:56 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-10 07:41 - 2012-03-14 19:56 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 07:41 - 2012-03-14 19:56 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-10 07:41 - 2012-03-14 19:56 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-10 07:41 - 2012-03-14 19:56 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 23:42 - 2012-02-09 23:33 - 1220096 ____A C:\Users\David\Desktop\Gutschein für 1mal.doc
2012-02-07 23:22 - 2010-10-17 21:45 - 0000000 ____D C:\Program Files\Symantec
2012-02-07 23:21 - 2010-10-17 21:45 - 0126584 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-02-07 23:21 - 2010-10-17 21:45 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-02-07 23:21 - 2010-10-17 21:45 - 0000806 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2012-02-07 23:18 - 2011-06-17 16:58 - 0001940 ____A C:\Users\David\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2012-02-03 10:34 - 2010-11-22 20:46 - 0000000 ____D C:\Users\David\Desktop\Feuerwehr
2012-02-03 06:01 - 2012-03-14 19:57 - 2341376 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 21:57 - 2012-01-31 21:57 - 0006451 ____A C:\Users\David\Desktop\Rechnungsausgang.PNG
2012-01-29 12:47 - 2012-01-29 12:47 - 0024487 ____A C:\Users\David\Desktop\Offiziersvorbereitungskurs_AdF_Programm_2012_BFVDT_v0.2[1].pdf
2012-01-25 07:44 - 2012-03-13 23:51 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 07:44 - 2012-03-13 23:51 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 07:40 - 2012-03-13 23:51 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2009-07-14 01:24] - [2009-07-14 03:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 3070.43 MB
Available physical RAM: 2248.35 MB
Total Pagefile: 6139.14 MB
Available Pagefile: 5167.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.08 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:223.13 GB) (Free:156.33 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.75 GB) (Free:2.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.89 GB) (Free:0.36 GB) FAT

Datentr„ger ### Status Gr”áe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datentr„ger 0 Online 232 GB 1024 KB
Datentr„ger 1 Online 1936 MB 0 B

Partitions of Disk 0:
===============

Partition ### Typ GrӇe Offset
------------- ---------------- ------- -------
Partition 1 Prim„r 223 GB 31 KB
Partition 2 Prim„r 9 GB 223 GB

======================================================================================================

Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 223 GB Fehlerfre System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D HP_RECOVERY NTFS Partition 9 GB Fehlerfre

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Typ GrӇe Offset
------------- ---------------- ------- -------
Partition 1 Prim„r 1935 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Typ : 06
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Wechselmed 1935 MB Fehlerfre

======================================================================================================

==========================================================

Last Boot: 2011-07-04 16:17

======================= End Of Log ==========================

Psychotic 22.04.2012 22:43
Zitat:
Attention: The tool is not run from recovery environment and will not function properly.
Du hast FRST nicht aus der Recovery-Konsole heraus gestartet wie beschrieben, sondern aus dem normalen Windows-Modus. Bitte befolge die Anweisungen. Drücke VOR dem ersten Windows-Bilschrim (also kurz nachdem das BIOS-Fenster beim Rechnerstart verschwindet) so lange die F8-Taste bis du in den Boot Manager gelangst. Dann weiter wie beschrieben!

Huskeychi 23.04.2012 18:20
Hier nochmals:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 16-04-2012
Ran by SYSTEM at 23-04-2012 19:14:57
Running from F:\
Windows 7 Professional (X86) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13826664 2009-10-03] (NVIDIA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2569616 2010-07-25] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\David\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\David\...\Run: [RemotelessHelper] "C:\Program Files\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2232320 2011-05-05] ()
HKU\David\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\David\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

================================ Services (Whitelisted) ==================

2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [136176 2010-11-16] (Google Inc.)
3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [136176 2010-11-16] (Google Inc.)
2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
2 N360; "C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-04-01] (Symantec Corporation)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation)
2 vpnagent; "C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe" [493248 2009-10-09] (Cisco Systems, Inc.)

========================== Drivers (Whitelisted) =============

3 ATSwpWDF; C:\Windows\System32\Drivers\ATSwpWDF.sys [625224 2009-12-03] (AuthenTec, Inc.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [820856 2012-03-02] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-15] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-05] (Symantec Corporation)
3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120401.001\IDSvix86.sys [368248 2012-02-14] (Symantec Corporation)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8960 2010-11-23] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120402.002\NAVENG.SYS [86136 2012-02-02] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120402.002\NAVEX15.SYS [1576312 2012-02-02] (Symantec Corporation)
3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [4231168 2009-07-13] (Intel Corporation)
2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [48128 2009-06-25] (REDC)
2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [44544 2009-06-25] (REDC)
2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [38400 2009-06-25] (REDC)
3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1068032 2009-07-13] (Motorola Inc.)
3 SRTSP; C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360\0502000.00D\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0502000.00D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0502000.00D\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2012-02-07] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360\0502000.00D\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360\0502000.00D\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)
3 vpnva; C:\Windows\System32\DRIVERS\vpnva.sys [20152 2009-10-09] (Cisco Systems, Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-23 18:09 - 2012-02-28 02:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-23 18:09 - 2012-02-28 02:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-23 18:09 - 2011-08-27 15:22 - 0000000 __SHD C:\Config.Msi
2012-04-23 18:08 - 2012-03-11 19:21 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-23 18:08 - 2012-03-11 19:21 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-23 18:08 - 2012-03-11 19:21 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-23 18:08 - 2012-03-11 19:21 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-23 18:08 - 2012-02-28 02:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-23 18:08 - 2012-02-28 02:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-23 18:08 - 2012-02-28 02:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-23 18:08 - 2011-03-08 06:38 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-23 18:08 - 2010-12-21 06:38 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-23 18:08 - 2010-09-22 23:21 - 0019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-23 18:08 - 2009-07-14 02:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-23 18:08 - 2009-07-14 02:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-23 18:08 - 2009-07-14 02:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-23 18:08 - 2009-07-14 02:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-23 18:08 - 2009-07-14 02:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-23 18:06 - 2009-07-14 02:16 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-23 18:06 - 2009-07-13 22:40 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-22 17:46 - 2011-08-21 18:31 - 0000000 ____D C:\Users\David\AppData\Local\{0A70500B-8C44-466C-A6E5-29014A6610E3}
2012-04-22 17:46 - 2011-05-29 17:53 - 0000000 ____D C:\Users\David\AppData\Local\{75580811-E74C-4082-B102-98CB6F457A9C}
2012-04-22 17:34 - 2011-10-07 14:26 - 0000000 ____D C:\Users\David\AppData\Local\{8EB94645-DE0E-4463-94F5-443919F18E11}
2012-04-22 17:34 - 2011-09-07 17:37 - 0000000 ____D C:\Users\David\AppData\Local\{356CE8D9-4112-4097-AAF2-765ADDD5EA9B}
2012-04-18 15:45 - 2011-09-11 17:53 - 0031744 ____A C:\Users\David\Desktop\Löschdienst_summary.doc
2012-04-18 14:50 - 2012-04-18 14:36 - 0066048 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Loeschdienst_Druckl_.xls
2012-04-18 14:46 - 2012-04-18 14:36 - 0084480 ____A C:\Users\David\Desktop\TLF_übersicht.ppt
2012-04-18 14:01 - 2011-09-22 18:42 - 0047616 ____A C:\Users\David\Desktop\TLF_Einsatz_summary.doc
2012-04-18 09:53 - 2012-02-09 22:42 - 0060928 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Einsatz_TLF.xls
2012-04-17 13:28 - 2012-02-27 19:30 - 0000000 ____D C:\Users\David\AppData\Local\{AE6F1A14-B387-42A5-9BE2-B363942ADF31}
2012-04-17 13:28 - 2011-09-01 16:50 - 0000000 ____D C:\Users\David\AppData\Local\{5C6E33D0-2969-423C-AE54-8CD930F9D738}
2012-04-17 13:11 - 2012-01-02 20:25 - 0000000 ____D C:\Users\David\AppData\Local\{0B5E58C9-5824-4864-A6B9-53BCE7ED6F7E}
2012-04-17 13:11 - 2011-11-17 23:20 - 0000000 ____D C:\Users\David\AppData\Local\{018C9489-7539-4670-AC85-DF146FFD71DF}
2012-04-17 10:50 - 2012-04-16 05:24 - 0000000 ____D C:\FRST
2012-04-16 02:28 - 2010-11-23 19:06 - 0058782 ____A C:\OTL.Txt
2012-04-16 02:28 - 2010-10-17 20:26 - 0019538 ____A C:\Extras.Txt
2012-04-09 17:56 - 2011-08-31 14:34 - 0000000 ____D C:\Users\David\AppData\Local\{2334A902-3CBD-4FFB-88A5-1BA3953D4778}
2012-04-09 17:56 - 2011-06-17 21:28 - 0000000 ____D C:\Users\David\AppData\Local\{000D2179-8D69-4DD7-BFB9-973877490E25}
2012-04-09 17:15 - 2012-04-04 21:03 - 0000000 ____D C:\Users\David\AppData\Local\{EDE744F5-A7FF-439D-A315-C8E88E1EDD4F}
2012-04-09 17:15 - 2011-08-16 21:27 - 0000000 ____D C:\Users\David\AppData\Local\{DE16C105-7869-49D1-9242-FE6602AE2914}
2012-04-04 21:02 - 2012-03-01 07:19 - 0000000 ____D C:\Users\David\AppData\Local\{E6C1F8E9-6C64-4F63-9877-BCF8F0F14338}
2012-04-03 17:52 - 2012-01-11 19:45 - 0000000 ____D C:\Users\David\AppData\Local\{F5EE9A91-B0EF-4686-B9F3-47CBEA6D74C7}
2012-04-03 17:52 - 2011-11-20 20:27 - 0000000 ____D C:\Users\David\AppData\Local\{387FD345-4B38-4A24-9A04-054264FFA7F0}
2012-04-02 18:35 - 2012-04-02 18:36 - 0000000 ____D C:\Users\David\AppData\Local\{3E858585-37B1-4A13-B89E-20407A7CB151}
2012-04-02 18:35 - 2011-08-20 08:01 - 0000000 ____D C:\Users\David\AppData\Local\{3E32F5DD-FB69-457E-A624-2F123CB7A8D9}
2012-04-01 17:52 - 2011-10-22 09:30 - 0000000 ____D C:\Users\David\AppData\Local\{901E1C5F-D0DD-4C2B-A668-C00B7C9C67B6}
2012-04-01 17:51 - 2011-10-15 10:33 - 0000000 ____D C:\Users\David\AppData\Local\{5567838F-7506-43E0-B61B-8EDF976DD6F1}
2012-04-01 17:47 - 2012-04-23 18:12 - 0000000 ____D C:\Program Files\iPod
2012-04-01 17:47 - 2012-04-01 17:47 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 17:47 - 2011-11-22 19:19 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk

============ 3 Months Modified Files and Folders ===============

2012-04-23 19:15 - 2012-04-17 10:50 - 0000000 ____D C:\FRST
2012-04-23 18:12 - 2012-04-23 18:09 - 0000000 __SHD C:\Config.Msi
2012-04-23 18:12 - 2010-11-16 21:58 - 0001092 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-23 18:12 - 2010-10-17 20:21 - 1308286 ____A C:\Windows\WindowsUpdate.log
2012-04-23 18:10 - 2010-10-17 20:31 - 1519874 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-23 18:08 - 2009-07-14 03:04 - 0000499 ____A C:\Windows\win.ini
2012-04-23 18:06 - 2012-02-27 18:45 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2012-04-23 18:06 - 2012-02-27 18:45 - 0000000 ____D C:\ProgramData\CanonIJPLM
2012-04-23 18:05 - 2010-11-16 21:58 - 0001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-22 19:40 - 2011-01-16 20:31 - 0000000 ____D C:\Users\David\AppData\Roaming\Skype
2012-04-22 17:52 - 2009-07-14 05:34 - 0014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-22 17:52 - 2009-07-14 05:34 - 0014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-22 17:49 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-22 17:47 - 2012-04-22 17:46 - 0000000 ____D C:\Users\David\AppData\Local\{0A70500B-8C44-466C-A6E5-29014A6610E3}
2012-04-22 17:46 - 2012-04-22 17:46 - 0000000 ____D C:\Users\David\AppData\Local\{75580811-E74C-4082-B102-98CB6F457A9C}
2012-04-22 17:46 - 2009-07-14 05:39 - 0030023 ____A C:\Windows\setupact.log
2012-04-22 17:44 - 2010-10-17 20:26 - 0000000 ____D C:\users\David
2012-04-22 17:44 - 2010-10-17 20:18 - 2414682112 __ASH C:\hiberfil.sys
2012-04-22 17:44 - 2009-07-14 05:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 17:44 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\wfp
2012-04-22 17:42 - 2010-10-17 20:45 - 0000000 ____D C:\Windows\System32\Drivers\N360
2012-04-22 17:42 - 2010-10-17 20:39 - 0000000 ____D C:\Users\All Users\Norton
2012-04-22 17:42 - 2010-10-17 20:39 - 0000000 ____D C:\ProgramData\Norton
2012-04-22 17:42 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-22 17:41 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\registration
2012-04-22 17:41 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-04-22 17:39 - 2010-11-23 19:04 - 0000000 ____D C:\Users\All Users\MySQL
2012-04-22 17:39 - 2010-11-23 19:04 - 0000000 ____D C:\ProgramData\MySQL
2012-04-22 17:34 - 2012-04-22 17:34 - 0000000 ____D C:\Users\David\AppData\Local\{8EB94645-DE0E-4463-94F5-443919F18E11}
2012-04-22 17:34 - 2012-04-22 17:34 - 0000000 ____D C:\Users\David\AppData\Local\{356CE8D9-4112-4097-AAF2-765ADDD5EA9B}
2012-04-18 16:00 - 2012-04-18 15:45 - 0031744 ____A C:\Users\David\Desktop\Löschdienst_summary.doc
2012-04-18 15:41 - 2012-04-18 14:50 - 0066048 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Loeschdienst_Druckl_.xls
2012-04-18 14:47 - 2012-04-18 14:46 - 0084480 ____A C:\Users\David\Desktop\TLF_übersicht.ppt
2012-04-18 14:36 - 2012-04-18 14:01 - 0047616 ____A C:\Users\David\Desktop\TLF_Einsatz_summary.doc
2012-04-18 14:36 - 2012-04-18 09:53 - 0060928 ____A C:\Users\David\Desktop\HD_Lektionsvorbereitung_Einsatz_TLF.xls
2012-04-17 13:28 - 2012-04-17 13:28 - 0000000 ____D C:\Users\David\AppData\Local\{AE6F1A14-B387-42A5-9BE2-B363942ADF31}
2012-04-17 13:28 - 2012-04-17 13:28 - 0000000 ____D C:\Users\David\AppData\Local\{5C6E33D0-2969-423C-AE54-8CD930F9D738}
2012-04-17 13:11 - 2012-04-17 13:11 - 0000000 ____D C:\Users\David\AppData\Local\{0B5E58C9-5824-4864-A6B9-53BCE7ED6F7E}
2012-04-17 13:11 - 2012-04-17 13:11 - 0000000 ____D C:\Users\David\AppData\Local\{018C9489-7539-4670-AC85-DF146FFD71DF}
2012-04-16 05:24 - 2012-04-16 02:28 - 0058782 ____A C:\OTL.Txt
2012-04-16 05:24 - 2012-04-16 02:28 - 0019538 ____A C:\Extras.Txt
2012-04-09 17:56 - 2012-04-09 17:56 - 0000000 ____D C:\Users\David\AppData\Local\{2334A902-3CBD-4FFB-88A5-1BA3953D4778}
2012-04-09 17:56 - 2012-04-09 17:56 - 0000000 ____D C:\Users\David\AppData\Local\{000D2179-8D69-4DD7-BFB9-973877490E25}
2012-04-09 17:16 - 2012-04-09 17:15 - 0000000 ____D C:\Users\David\AppData\Local\{DE16C105-7869-49D1-9242-FE6602AE2914}
2012-04-09 17:15 - 2012-04-09 17:15 - 0000000 ____D C:\Users\David\AppData\Local\{EDE744F5-A7FF-439D-A315-C8E88E1EDD4F}
2012-04-04 21:03 - 2012-04-04 21:02 - 0000000 ____D C:\Users\David\AppData\Local\{E6C1F8E9-6C64-4F63-9877-BCF8F0F14338}
2012-04-03 17:52 - 2012-04-03 17:52 - 0000000 ____D C:\Users\David\AppData\Local\{F5EE9A91-B0EF-4686-B9F3-47CBEA6D74C7}
2012-04-03 17:52 - 2012-04-03 17:52 - 0000000 ____D C:\Users\David\AppData\Local\{387FD345-4B38-4A24-9A04-054264FFA7F0}
2012-04-02 18:36 - 2012-04-02 18:35 - 0000000 ____D C:\Users\David\AppData\Local\{3E32F5DD-FB69-457E-A624-2F123CB7A8D9}
2012-04-02 18:35 - 2012-04-02 18:35 - 0000000 ____D C:\Users\David\AppData\Local\{3E858585-37B1-4A13-B89E-20407A7CB151}
2012-04-01 17:52 - 2012-04-01 17:52 - 0000000 ____D C:\Users\David\AppData\Local\{901E1C5F-D0DD-4C2B-A668-C00B7C9C67B6}
2012-04-01 17:51 - 2012-04-01 17:51 - 0000000 ____D C:\Users\David\AppData\Local\{5567838F-7506-43E0-B61B-8EDF976DD6F1}
2012-04-01 17:51 - 2010-10-17 21:13 - 0000000 ____D C:\Users\David\AppData\Roaming\Apple Computer
2012-04-01 17:47 - 2012-04-01 17:47 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 17:47 - 2012-04-01 17:47 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 17:47 - 2012-04-01 17:47 - 0000000 ____D C:\Program Files\iPod
2012-04-01 17:47 - 2010-10-17 21:11 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-21 22:40 - 2012-03-21 22:40 - 0000000 ____D C:\Users\David\AppData\Local\{98FAB908-9C9F-454E-A0C9-4123F9EF0C36}
2012-03-21 22:40 - 2012-03-21 22:40 - 0000000 ____D C:\Users\David\AppData\Local\{7157B293-6B76-49F9-A3FA-45E3C335658C}
2012-03-21 22:38 - 2009-07-14 05:33 - 0411440 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-21 22:37 - 2010-10-17 20:47 - 0035272 ____A C:\Windows\PFRO.log
2012-03-18 18:20 - 2012-03-18 18:20 - 0020111 ____A C:\Users\David\Desktop\BFTV Bild.png
2012-03-15 20:30 - 2012-03-15 20:30 - 0016896 ____A C:\Users\David\Desktop\Ferien BK.xls
2012-03-12 22:40 - 2012-03-12 22:40 - 0000000 ____D C:\Users\David\AppData\Local\{3103B713-3633-4AB6-A301-C681BCD74556}
2012-03-12 22:40 - 2012-03-12 22:39 - 0000000 ____D C:\Users\David\AppData\Local\{DA59A69E-0B75-4F7F-B595-EA85EE63DBDD}
2012-03-12 19:04 - 2012-03-12 19:04 - 0000000 ____D C:\Users\David\AppData\Local\{45455288-F40B-4EB8-B98D-1EE7CC9B20AC}
2012-03-12 19:04 - 2012-03-12 19:03 - 0000000 ____D C:\Users\David\AppData\Local\{3654259C-2062-4A2F-84FD-4BD65EBB3AE2}
2012-03-12 18:57 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-11 19:22 - 2012-03-11 19:19 - 0004638 ____A C:\Windows\IE9_main.log
2012-03-11 19:21 - 2012-03-11 19:21 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-11 19:21 - 2012-03-11 19:21 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-11 19:21 - 2012-03-11 19:21 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-11 19:21 - 2012-03-11 19:21 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-11 19:21 - 2012-03-11 19:21 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-11 19:21 - 2012-03-11 19:21 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-11 19:21 - 2012-03-11 19:21 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-11 19:21 - 2012-03-11 19:21 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-11 19:21 - 2012-03-11 19:21 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-11 19:21 - 2012-03-11 19:21 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-11 19:21 - 2012-03-11 19:21 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-11 19:21 - 2012-03-11 19:21 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-11 19:21 - 2012-03-11 19:21 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-11 19:16 - 2012-03-11 19:16 - 0000000 ____D C:\Users\David\AppData\Local\{B277AD36-4091-4267-BB62-D3A3938991A5}
2012-03-11 19:16 - 2012-03-11 19:16 - 0000000 ____D C:\Users\David\AppData\Local\{67DEEC2F-697A-4DF5-8A58-5972D3AC8C36}
2012-03-06 06:59 - 2012-04-23 18:06 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-06 06:59 - 2012-04-23 18:06 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-04 13:34 - 2012-03-04 11:55 - 0029184 ____A C:\Users\David\Desktop\Lebenslauf_new.doc
2012-03-04 13:33 - 2012-03-04 12:47 - 3247104 ____A C:\Users\David\Desktop\Bewerbung Deckblatt.ppt
2012-03-04 11:39 - 2012-03-04 11:39 - 0034816 ____A C:\Users\David\Desktop\Lebenslauf für Stellenbewerbung.doc
2012-03-03 20:31 - 2012-03-03 18:01 - 0027648 ____A C:\Users\David\Desktop\Bewerbung.doc
2012-03-01 07:20 - 2012-03-01 07:20 - 0000000 ____D C:\Users\David\AppData\Local\{5680FBC4-027C-4F66-BEEF-7DC854273244}
2012-03-01 07:19 - 2012-03-01 07:19 - 0000000 ____D C:\Users\David\AppData\Local\{E67A1408-01B9-481F-AD60-0307030544ED}
2012-03-01 06:53 - 2012-04-23 18:08 - 0019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 06:49 - 2012-04-23 18:08 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 06:45 - 2012-04-23 18:08 - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 06:40 - 2012-04-23 18:08 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-28 02:52 - 2012-04-23 18:08 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 02:27 - 2012-04-23 18:08 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 02:18 - 2012-04-23 18:08 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 02:12 - 2012-04-23 18:08 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 02:11 - 2012-04-23 18:08 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 02:11 - 2012-04-23 18:08 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 02:09 - 2012-04-23 18:08 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 02:08 - 2012-04-23 18:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 02:06 - 2012-04-23 18:08 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 02:04 - 2012-04-23 18:08 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 02:03 - 2012-04-23 18:09 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 02:03 - 2012-04-23 18:09 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 01:59 - 2012-04-23 18:08 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 19:30 - 2012-02-27 19:30 - 0000000 ____D C:\Users\David\AppData\Local\{ADE0BEF9-57A7-4E7A-956D-CFDAD5D295C1}
2012-02-27 19:30 - 2012-02-27 19:30 - 0000000 ____D C:\Users\David\AppData\Local\{5A04F38F-4864-4DD8-A1E8-E26786F380E0}
2012-02-27 18:47 - 2012-02-27 18:47 - 0000000 ___HD C:\Users\All Users\CanonIJMyPrinter
2012-02-27 18:47 - 2012-02-27 18:47 - 0000000 ___HD C:\ProgramData\CanonIJMyPrinter
2012-02-27 18:47 - 2011-10-09 18:31 - 0000000 ____D C:\Program Files\Canon
2012-02-27 18:45 - 2012-02-27 18:45 - 0000000 ___HD C:\Users\All Users\CanonIJFAX
2012-02-27 18:45 - 2012-02-27 18:45 - 0000000 ___HD C:\ProgramData\CanonIJFAX
2012-02-27 18:45 - 2012-02-27 18:45 - 0000000 ____D C:\Users\All Users\Canon IJ Network Tool
2012-02-27 18:45 - 2012-02-27 18:45 - 0000000 ____D C:\ProgramData\Canon IJ Network Tool
2012-02-27 18:45 - 2009-07-14 05:52 - 0000000 ____D C:\Windows\twain_32
2012-02-27 18:45 - 2009-07-14 03:37 - 0000000 __RSD C:\Windows\Media
2012-02-27 18:43 - 2012-02-27 18:43 - 0000000 ____D C:\Users\All Users\CanonIJWSpt
2012-02-27 18:43 - 2012-02-27 18:43 - 0000000 ____D C:\ProgramData\CanonIJWSpt
2012-02-27 18:40 - 2012-02-27 18:40 - 0000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-02-27 18:39 - 2012-02-27 18:39 - 0000000 ___HD C:\Program Files\CanonBJ
2012-02-27 18:39 - 2012-02-27 18:39 - 0000000 ____D C:\Windows\System32\STRING
2012-02-19 20:59 - 2011-12-06 19:55 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-02-19 20:58 - 2012-02-19 20:58 - 0000000 ____D C:\Users\David\AppData\Local\{8FB367EC-FD00-4DF6-842D-51FAC52AD592}
2012-02-19 20:57 - 2012-02-19 20:57 - 0000000 ____D C:\Users\David\AppData\Local\{853A0345-6631-4E86-94B5-6289CC0F830D}
2012-02-19 20:55 - 2010-10-17 20:26 - 0000174 ___SH C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-19 20:54 - 2010-10-17 20:45 - 0002322 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-02-19 20:53 - 2010-10-17 20:57 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-19 20:50 - 2012-02-19 20:39 - 0007597 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
2012-02-19 20:46 - 2011-06-17 22:21 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-02-19 20:44 - 2012-02-19 20:44 - 0000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2012-02-15 10:01 - 2012-02-15 10:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 10:01 - 2012-02-15 10:01 - 0043520 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys
2012-02-15 06:44 - 2012-03-13 22:51 - 0826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-15 05:22 - 2012-03-13 22:51 - 0177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-15 05:22 - 2012-03-13 22:51 - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 00:41 - 2012-02-15 00:40 - 0000000 ____D C:\Users\David\AppData\Local\{2CC84989-B0F1-4FEF-88D4-3DD5B893C7FE}
2012-02-15 00:40 - 2012-02-15 00:40 - 0000000 ____D C:\Users\David\AppData\Local\{3ACF1AAA-29AE-4EB2-9DBA-FD144ADDBB96}
2012-02-10 06:41 - 2012-03-14 18:56 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-10 06:41 - 2012-03-14 18:56 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 06:41 - 2012-03-14 18:56 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-10 06:41 - 2012-03-14 18:56 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:41 - 2012-03-14 18:56 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 22:42 - 2012-02-09 22:33 - 1220096 ____A C:\Users\David\Desktop\Gutschein für 1mal.doc
2012-02-07 22:22 - 2010-10-17 20:45 - 0000000 ____D C:\Program Files\Symantec
2012-02-07 22:21 - 2010-10-17 20:45 - 0126584 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-02-07 22:21 - 2010-10-17 20:45 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-02-07 22:21 - 2010-10-17 20:45 - 0000806 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2012-02-07 22:18 - 2011-06-17 15:58 - 0001940 ____A C:\Users\David\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2012-02-03 09:34 - 2010-11-22 19:46 - 0000000 ____D C:\Users\David\Desktop\Feuerwehr
2012-02-03 05:01 - 2012-03-14 18:57 - 2341376 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 20:57 - 2012-01-31 20:57 - 0006451 ____A C:\Users\David\Desktop\Rechnungsausgang.PNG
2012-01-29 11:47 - 2012-01-29 11:47 - 0024487 ____A C:\Users\David\Desktop\Offiziersvorbereitungskurs_AdF_Programm_2012_BFVDT_v0.2[1].pdf
2012-01-25 06:44 - 2012-03-13 22:51 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:44 - 2012-03-13 22:51 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 06:40 - 2012-03-13 22:51 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2009-07-14 00:24] - [2009-07-14 02:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4094.43 MB
Available physical RAM: 3631.79 MB
Total Pagefile: 4092.71 MB
Available Pagefile: 3631.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.2 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:223.13 GB) (Free:153.08 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.75 GB) (Free:2.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.89 GB) (Free:0.36 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datentr„ger ### Status Gr”áe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datentr„ger 0 Online 232 GB 1024 KB
Datentr„ger 1 Online 1936 MB 0 B

Partitions of Disk 0:
===============

Partition ### Typ GrӇe Offset
------------- ---------------- ------- -------
Partition 1 Prim„r 223 GB 31 KB
Partition 2 Prim„r 9 GB 223 GB

======================================================================================================

Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 223 GB Fehlerfre

======================================================================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D HP_RECOVERY NTFS Partition 9 GB Fehlerfre

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Typ GrӇe Offset
------------- ---------------- ------- -------
Partition 1 Prim„r 1935 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Typ : 06
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Wechselmed 1935 MB Fehlerfre

======================================================================================================

==========================================================

Last Boot: 2011-07-04 15:17

======================= End Of Log ==========================

Psychotic 24.04.2012 06:59
Schritt 1: Fix mit FRST


Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
HKLM\...\Run: [] [x]
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST64.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick.

Schließe FRST64.
Gib folgende Befehle ein (gefolgt von Enter):

Code:
copy C:\OTL.Txt F:
copy C:\Extras.Txt F:
Poste mir die fixlog.txt, die otl.txt und die Extras.txt.

Kann der Rechner wieder gestartet werden?

Huskeychi 24.04.2012 22:01
Der Computer startet wider ja.

Hier die drei files

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 16-04-2012
Ran by SYSTEM at 2012-04-24 22:54:56 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM\...\Run: [] [x] Value not found.

==== End of Fixlog ====

Extras:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 4/16/2012 12:22:06 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Professional  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.13 Gb Total Space | 158.00 Gb Free Space | 70.81% Space Free | Partition Type: NTFS
Drive D: | 9.75 Gb Total Space | 2.79 Gb Free Space | 28.64% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.36 Gb Free Space | 19.16% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{36A665C9-D77D-4DD6-B3BB-D7224E7B764F}" = MySQL Server 5.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"DPP" = Canon Utilities Digital Photo Professional 3.1
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"FlightGear_is1" = FlightGear v2.0.0
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"N360" = Norton 360
"NP_SO_2010" = SolothurnTax 2010 10.2.17
"NVIDIA Drivers" = NVIDIA Drivers
"ODSK" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PremiumSoft Navicat Lite 8.2_is1" = PremiumSoft Navicat Lite 8.2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Spotify" = Spotify
"SpotifyRemotelessHelper 1.0.5" = SpotifyRemotelessHelper 1.0.5
"TeamViewer 6" = TeamViewer 6
"Tyre_is1" = Tyre
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
< End of report >
--- --- ---



OTL:OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 4/16/2012 12:22:06 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Professional  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.13 Gb Total Space | 158.00 Gb Free Space | 70.81% Space Free | Partition Type: NTFS
Drive D: | 9.75 Gb Total Space | 2.79 Gb Free Space | 28.64% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.36 Gb Free Space | 19.16% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/10/17 16:37:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/26 20:44:03 | 000,137,680 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/10/09 11:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120402.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/15 03:10:15 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/14 12:40:44 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120413.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/02/07 17:21:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/05 05:31:33 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/01 20:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120414.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/01 20:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120414.016\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS -- (SymNetS)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\N360\0502010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0502010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0502010.003\Ironx86.SYS -- (SymIRON)
DRV - [2009/12/03 11:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/10/09 10:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/03 00:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 20:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\David_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\David_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH,en-CA;q=0.5
IE - HKU\David_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA F2 B6 CE D5 18 CD 01  [binary data]
IE - HKU\David_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\David_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.5.1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/19 15:55:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012/04/15 16:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 14:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/20 14:40:04 | 000,000,000 | ---D | M]
 
[2010/11/03 16:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/11/03 16:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\y3v34vbx.default\extensions
[2011/08/10 14:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 13:17:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/13 06:47:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 15:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_5_1
[2012/02/19 15:55:39 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2010/11/12 13:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/27 01:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 01:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 01:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 01:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 01:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\David_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\David_ON_C..\Run: [5kS43ADO0bzprWo] C:\Users\David\AppData\Roaming\soundblaster_fx648.exe (Programma Gestionale)
O4 - HKU\David_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\David_ON_C..\Run: [RemotelessHelper] C:\Program Files\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe ()
O4 - HKU\David_ON_C..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\David_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\David_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\David_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.boliden.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (C:\Users\David\AppData\Roaming\soundblaster_fx648.exe) - C:\Users\David\AppData\Roaming\soundblaster_fx648.exe (Programma Gestionale)
O20 - HKLM Winlogon: UserInit - (C:\Users\David\AppData\Roaming\soundblaster_fx648.exe) - C:\Users\David\AppData\Roaming\soundblaster_fx648.exe (Programma Gestionale)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\David_ON_C Winlogon: Shell - (C:\Users\David\AppData\Roaming\soundblaster_fx648.exe) - C:\Users\David\AppData\Roaming\soundblaster_fx648.exe (Programma Gestionale)
O20 - HKU\David_ON_C Winlogon: UserInit - (C:\Users\David\AppData\Roaming\soundblaster_fx648.exe) - C:\Users\David\AppData\Roaming\soundblaster_fx648.exe (Programma Gestionale)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/15 13:18:30 | 000,217,088 | ---- | C] (Programma Gestionale) -- C:\Users\David\AppData\Roaming\soundblaster_fx648.exe
[2012/04/15 07:53:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/15 07:53:19 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/15 07:53:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/15 07:53:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/15 07:53:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/15 07:53:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/15 07:53:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/15 07:49:26 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/15 07:49:25 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/09 12:56:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{000D2179-8D69-4DD7-BFB9-973877490E25}
[2012/04/09 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{2334A902-3CBD-4FFB-88A5-1BA3953D4778}
[2012/04/09 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{DE16C105-7869-49D1-9242-FE6602AE2914}
[2012/04/09 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{EDE744F5-A7FF-439D-A315-C8E88E1EDD4F}
[2012/04/04 16:02:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{E6C1F8E9-6C64-4F63-9877-BCF8F0F14338}
[2012/04/03 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{387FD345-4B38-4A24-9A04-054264FFA7F0}
[2012/04/03 12:52:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{F5EE9A91-B0EF-4686-B9F3-47CBEA6D74C7}
[2012/04/02 13:35:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3E32F5DD-FB69-457E-A624-2F123CB7A8D9}
[2012/04/02 13:35:43 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{3E858585-37B1-4A13-B89E-20407A7CB151}
[2012/04/01 12:52:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{901E1C5F-D0DD-4C2B-A668-C00B7C9C67B6}
[2012/04/01 12:51:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{5567838F-7506-43E0-B61B-8EDF976DD6F1}
[2012/04/01 12:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/01 12:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/01 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/21 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{7157B293-6B76-49F9-A3FA-45E3C335658C}
[2012/03/21 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{98FAB908-9C9F-454E-A0C9-4123F9EF0C36}
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/15 16:53:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/15 16:53:41 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 16:53:05 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 14:06:21 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 14:06:21 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 13:59:33 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 13:18:14 | 000,217,088 | ---- | M] (Programma Gestionale) -- C:\Users\David\AppData\Roaming\soundblaster_fx648.exe
[2012/04/15 07:53:32 | 001,515,438 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502010.003\Cat.DB
[2012/04/09 12:18:52 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/09 12:18:52 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/09 12:18:52 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/09 12:18:52 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/09 12:14:30 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/04/09 12:14:30 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/04/01 12:47:32 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/01 12:47:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/27 21:17:55 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502010.003\isolate.ini
[2012/03/21 17:38:31 | 000,411,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/18 13:20:24 | 000,020,111 | ---- | M] () -- C:\Users\David\Desktop\BFTV Bild.png
 
========== Files Created - No Company Name ==========
 
[2012/04/01 12:47:32 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/18 13:20:24 | 000,020,111 | ---- | C] () -- C:\Users\David\Desktop\BFTV Bild.png
[2012/02/19 15:39:50 | 000,007,597 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2011/06/17 16:33:10 | 000,000,080 | ---- | C] () -- C:\Users\David\AppData\Local\X-Plane Installer.prf
[2011/06/17 10:58:16 | 000,001,940 | ---- | C] () -- C:\Users\David\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/16 15:34:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/23 14:09:04 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010/10/18 14:51:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/02 14:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/14 04:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,411,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011/10/09 13:33:19 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2011/08/11 18:21:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\flightgear.org
[2011/08/17 14:03:14 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\fltk.org
[2010/11/23 15:18:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\mresreg
[2011/11/01 18:15:19 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Spotify
[2011/07/04 07:51:12 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TeamViewer
[2010/11/23 14:29:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Tyre
[2010/10/17 15:26:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/02/27 13:45:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon IJ Network Tool
[2010/11/23 13:52:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012/02/27 13:45:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJFAX
[2012/02/27 13:47:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter
[2012/04/05 13:59:53 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012/02/27 13:43:55 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2011/05/24 11:31:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/10/17 15:26:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/01/23 15:22:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2010/10/17 15:26:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/05/04 13:23:59 | 000,000,000 | ---D | M] -- C:\ProgramData\m2portal
[2011/06/20 11:39:13 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2010/11/23 14:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\MySQL
[2011/01/06 16:25:26 | 000,000,000 | ---D | M] -- C:\ProgramData\SolothurnTax 2010
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/10/17 15:26:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/01/23 15:22:44 | 000,000,000 | ---D | M] -- C:\ProgramData\TrueSuite
[2010/11/16 17:00:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Tyre
[2010/10/17 15:26:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/10/17 16:13:21 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/14 00:53:46 | 000,019,780 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

--- --- ---

Psychotic 25.04.2012 14:11
Schritt 1: defogger


Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.



Schritt 2: GMER


Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
  • keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
  • nichts am Rechner arbeiten,
  • nach jedem Scan der Rechner neu gestarten.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen). Vista und Win7 User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
    • Show all (sollte abgehackt sein)
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:18 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19