Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 weisser Sperbildschirm (https://www.trojaner-board.de/161902-windows-7-weisser-sperbildschirm.html)

MickeyMonday 16.12.2014 14:28
Windows 7 weisser Sperbildschirm
 
Hallo,

ich kann seit einiger Zeit mein Laptop nicht mehr nutzen. Kurz nach dem ich ihn anschalte kommt ein weißer Sperrbildschirm und ich kann nichts mehr machen. Das geschieht auch im abgesicherten Modus und reparieren lässt er sich auch nicht mehr.

Die OTLPE-CD hab ich schon gebrannt und diese OTL Logfile erstellt:OTL Logfile:
Code:
OTL logfile created on: 12/16/2014 1:27:50 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 74.34 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
Drive D: | 138.94 Gb Total Space | 106.26 Gb Free Space | 76.47% Space Free | Partition Type: NTFS
Drive E: | 135.05 Gb Total Space | 107.05 Gb Free Space | 79.27% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2014/11/15 20:01:12 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/09/21 05:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe -- (NIS)
SRV - [2014/03/17 18:52:40 | 000,327,680 | ---- | M] () [Auto] -- D:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/09/21 09:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/09/21 09:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2014/12/07 19:23:35 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/12/07 19:23:35 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVENG.SYS -- (NAVENG)
DRV - [2014/12/05 12:33:54 | 000,479,448 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141209.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/12/02 19:45:46 | 001,138,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141203.001_cc9\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/11/12 15:04:35 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/08/26 15:08:29 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/08/26 15:08:28 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/25 21:26:58 | 000,447,704 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\SYMNETS.SYS -- (SymNetS)
DRV - [2014/08/25 21:26:57 | 000,936,152 | R--- | M] (Symantec Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\NIS\1506000.020\SymEFA.sys -- (SymEFA)
DRV - [2014/08/25 21:26:57 | 000,063,576 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2014/08/25 21:26:56 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\NIS\1506000.020\SymDS.sys -- (SymDS)
DRV - [2014/08/25 21:20:22 | 000,664,792 | R--- | M] (Symantec Corporation) [File_System | On_Demand] -- D:\Windows\system32\drivers\NIS\1506000.020\SRTSP.SYS -- (SRTSP)
DRV - [2014/08/25 21:20:22 | 000,032,984 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2014/08/06 14:48:16 | 000,209,624 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS -- (SymIRON)
DRV - [2014/02/20 18:14:34 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys -- (ccSet_NIS)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/15 06:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/08/11 06:58:30 | 000,488,448 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/06 11:16:00 | 009,824,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/27 09:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\diseck_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
IE - HKU\diseck_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\diseck_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 83 BD F4 B1 FE CF 01 [binary data]
IE - HKU\diseck_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: D:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF [2014/11/12 15:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn\ [2014/12/11 04:07:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\diseck_ON_D\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] D:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] D:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\diseck_ON_D..\Run: [EPSON SX210 Series] D:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [*Restore] D:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk ()
O4 - Startup: D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
O4 - Startup: D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\diseck_ON_D Winlogon: Shell - (C:\Users\diseck\AppData\Roaming\loadit.exe) - D:\Users\diseck\AppData\Roaming\loadit.exe ()
O20 - HKU\diseck_ON_D Winlogon: UserInit - (C:\Users\diseck\AppData\Roaming\loadit.exe) - D:\Users\diseck\AppData\Roaming\loadit.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/12/10 08:35:38 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\PDF24
[2014/12/10 08:34:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2014/12/10 08:34:04 | 000,000,000 | ---D | C] -- D:\Program Files\PDF24
[2014/12/10 08:33:56 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\Programs
[2014/12/10 07:37:49 | 000,000,000 | -HSD | C] -- D:\Users\diseck\AppData\Local\EmieUserList
[2014/12/10 07:37:49 | 000,000,000 | -HSD | C] -- D:\Users\diseck\AppData\Local\EmieSiteList
[2014/12/10 07:37:49 | 000,000,000 | -HSD | C] -- D:\Users\diseck\AppData\Local\EmieBrowserModeList
[2014/12/04 17:47:33 | 000,000,000 | ---D | C] -- D:\Users\diseck\Documents\Daten Wichtig
[2014/12/04 06:11:33 | 000,000,000 | ---D | C] -- D:\ProgramData\McAfee
[2014/12/04 06:11:32 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee Security Scan
[2014/12/04 06:10:03 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe
[2014/12/04 06:10:03 | 000,000,000 | ---D | C] -- D:\Program Files\Adobe
[2014/12/04 06:09:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Adobe
[2014/12/04 06:08:25 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\Adobe
[2014/12/02 12:03:43 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\WinRAR
[2014/11/24 18:52:22 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\CrashDumps
[2014/11/23 11:15:18 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\Diagnostics
[2014/11/23 08:28:13 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- D:\Windows\System32\eswiaud.dll
[2014/11/23 08:28:13 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- D:\Windows\System32\esdevapp.exe
[2014/11/23 08:28:13 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- D:\Windows\System32\escdev.dll
[2014/11/23 08:28:12 | 000,000,000 | ---D | C] -- D:\Program Files\epson
[2014/11/22 16:43:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/11/22 16:42:35 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- D:\Windows\System32\E_FLBFDE.DLL
[2014/11/22 16:42:35 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- D:\Windows\System32\E_DCINST.DLL
[2014/11/22 16:42:34 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- D:\Windows\System32\E_FD4BFDE.DLL
[2014/11/22 16:42:33 | 000,000,000 | ---D | C] -- D:\Windows\System32\DRVSTORE
[2014/11/22 16:41:13 | 000,000,000 | ---D | C] -- D:\ProgramData\EPSON
[2014/11/18 16:28:46 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\vlc
[2014/11/18 16:28:31 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/11/18 16:27:50 | 000,000,000 | ---D | C] -- D:\Program Files\VideoLAN
[2014/11/18 06:45:49 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/11/18 06:45:48 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/11/18 06:45:43 | 000,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2014/11/18 06:31:26 | 000,000,000 | ---D | C] -- D:\Users\diseck\Documents\UseNeXT
[2014/11/18 06:31:25 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\UseNeXT
[2014/11/18 06:31:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2014/11/18 06:31:15 | 000,000,000 | ---D | C] -- D:\Program Files\UseNeXT
[2014/11/17 05:47:03 | 002,285,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msmpeg2vdec.dll
[2014/11/17 04:31:23 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\OpenOffice
[2014/11/17 04:20:39 | 000,000,000 | --SD | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
[2014/11/17 04:19:59 | 000,000,000 | ---D | C] -- D:\Program Files\OpenOffice 4
[2014/11/17 04:14:55 | 000,000,000 | ---D | C] -- D:\Users\diseck\Desktop\OpenOffice 4.1.1 (de) Installation Files
[2014/11/17 03:55:11 | 001,699,328 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\esent.dll
[2014/11/17 03:55:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\fsutil.exe
[2014/11/17 03:55:08 | 000,417,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMPhoto.dll
[2014/11/17 03:54:57 | 001,987,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2014/11/17 03:54:56 | 002,616,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\explorer.exe
[2014/11/17 03:54:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KBDYAK.DLL
[2014/11/17 03:54:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KBDTAT.DLL
[2014/11/17 03:54:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KBDRU1.DLL
[2014/11/17 03:54:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KBDBASH.DLL
[2014/11/17 03:54:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KBDRU.DLL
[2014/11/17 03:54:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2014/11/17 03:54:50 | 000,667,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/17 03:51:19 | 000,181,344 | ---- | C] (SoftwareNetz) -- D:\Windows\snui.exe
[2014/11/17 03:51:19 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftwareNetz
[2014/11/17 03:51:18 | 000,000,000 | ---D | C] -- D:\Softwarenetz
[2014/11/17 03:45:48 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\Adobe

========== Files - Modified Within 30 Days ==========

[2014/12/14 19:31:12 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2014/12/14 19:31:12 | 000,000,110 | ---- | M] () -- D:\.dir
[2014/12/14 19:30:42 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/14 19:30:18 | 1606,623,232 | -HS- | M] () -- D:\hiberfil.sys
[2014/12/10 19:21:35 | 000,027,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/10 19:21:35 | 000,027,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/10 19:20:17 | 000,000,681 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2014/12/10 19:20:04 | 000,691,924 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\loadit.exe
[2014/12/10 19:14:19 | 000,000,708 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
[2014/12/10 18:23:00 | 000,001,098 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/10 08:34:08 | 000,001,823 | ---- | M] () -- D:\Users\Public\Desktop\PDF24 Creator.lnk
[2014/12/10 08:34:08 | 000,001,803 | ---- | M] () -- D:\Users\Public\Desktop\PDF24 Fax.lnk
[2014/12/10 08:34:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2014/12/10 02:55:16 | 000,002,121 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/08 09:33:11 | 000,698,926 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2014/12/08 09:33:11 | 000,653,724 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2014/12/08 09:33:11 | 000,149,034 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2014/12/08 09:33:11 | 000,121,596 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2014/12/05 18:10:25 | 102,609,385 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\autostarter.exe
[2014/12/04 06:45:54 | 000,015,192 | ---- | M] () -- D:\Users\diseck\Desktop\1.Januar 2013.ods
[2014/11/23 08:28:15 | 000,000,934 | ---- | M] () -- D:\Users\Public\Desktop\EPSON Scan.lnk
[2014/11/23 08:28:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/11/22 16:36:18 | 000,012,615 | ---- | M] () -- D:\Users\diseck\Desktop\Unbenannt 1.odt
[2014/11/21 05:28:17 | 000,001,807 | ---- | M] () -- D:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk
[2014/11/21 05:28:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2014/11/19 06:18:29 | 000,286,616 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2014/11/18 16:28:31 | 000,001,028 | ---- | M] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2014/11/18 16:28:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/11/18 06:45:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/11/17 04:46:31 | 000,000,000 | -H-- | M] () -- D:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/11/17 04:21:08 | 000,000,000 | --SD | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
[2014/11/17 04:20:41 | 000,001,074 | ---- | M] () -- D:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
[2014/11/17 03:55:57 | 000,001,667 | ---- | M] () -- D:\Users\diseck\Desktop\Rechnung3.lnk
[2014/11/17 03:51:21 | 000,001,667 | ---- | M] () -- D:\Users\diseck\Desktop\Rechnung5.lnk

========== Files Created - No Company Name ==========

[2014/12/10 19:20:16 | 000,000,681 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2014/12/10 19:20:03 | 000,691,924 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\loadit.exe
[2014/12/10 19:14:19 | 000,000,708 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
[2014/12/10 19:14:17 | 102,609,385 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\autostarter.exe
[2014/12/10 08:34:08 | 000,001,823 | ---- | C] () -- D:\Users\Public\Desktop\PDF24 Creator.lnk
[2014/12/10 08:34:08 | 000,001,803 | ---- | C] () -- D:\Users\Public\Desktop\PDF24 Fax.lnk
[2014/12/04 06:45:50 | 000,015,192 | ---- | C] () -- D:\Users\diseck\Desktop\1.Januar 2013.ods
[2014/11/23 08:28:15 | 000,000,934 | ---- | C] () -- D:\Users\Public\Desktop\EPSON Scan.lnk
[2014/11/22 16:36:15 | 000,012,615 | ---- | C] () -- D:\Users\diseck\Desktop\Unbenannt 1.odt
[2014/11/18 16:28:31 | 000,001,028 | ---- | C] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2014/11/18 06:31:15 | 000,001,807 | ---- | C] () -- D:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk
[2014/11/17 04:46:31 | 000,000,000 | -H-- | C] () -- D:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/11/17 04:20:41 | 000,001,074 | ---- | C] () -- D:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
[2014/11/17 03:55:57 | 000,001,667 | ---- | C] () -- D:\Users\diseck\Desktop\Rechnung3.lnk
[2014/11/17 03:51:21 | 000,001,667 | ---- | C] () -- D:\Users\diseck\Desktop\Rechnung5.lnk
[2011/04/11 20:30:05 | 000,698,926 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2011/04/11 20:30:05 | 000,149,034 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2009/07/14 06:29:50 | 000,006,088 | ---- | C] () -- D:\Windows\System32\drivers\CDConfig.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,286,616 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,653,724 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,121,596 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat

========== LOP Check ==========

[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2014/11/22 16:43:55 | 000,000,000 | ---D | M] -- D:\ProgramData\EPSON
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2009/07/13 23:53:46 | 000,011,468 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
--- --- ---

Ich hoffe mir kann einer helfen!


Vielen Dank im Vorraus!

Warlord711 16.12.2014 14:41
Hallo MickeyMonday

:hallo:

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Hier findest du die Anleitung für Hilfesuchende
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.


Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten".


Hi !
Code:
:OTL
O4 - Startup: D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt) Kopiere nun den Inhalt hier in Deinen Thread

Warlord711 16.12.2014 14:45
Achja nach dem Fix mal direkt probieren ob der normale Start funktioniert.

Falls nicht so wie hier vorgehen, aber den Weg über die OTLPE nehmen:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


MickeyMonday 16.12.2014 15:20
Vielen Dank erstmal für deine Antwort!

Soll ich die OTL.exe ausführen nach dem ich den Rechner mit der OTLPE-CD hochgefahren hab?

Oder soll ich sofort das Scan mit Farbar's Recovery Scan Tool benutzen?

Warlord711 16.12.2014 15:26
Falls du nen USB Stick zur Hand hast, wäre FRST die erste Wahl, vor allem weil es mehr zeigt als OTL.

MickeyMonday 16.12.2014 15:49
ok wird gemacht!


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by SYSTEM on MININT-JN0FQ4A on 16-12-2014 15:45:06
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)
HKU\diseck\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\diseck\...\Winlogon: [Userinit] C:\Users\diseck\AppData\Roaming\loadit.exe [691924 2014-12-11] ()
HKU\diseck\...\Winlogon: [Shell] C:\Users\diseck\AppData\Roaming\loadit.exe [691924 2014-12-11] () <==== ATTENTION
Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2014-03-18] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141203.001_cc9\BHDrvx86.sys [1138392 2014-12-03] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-08-26] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-08-26] (Symantec Corporation)
S1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141209.001\IDSvix86.sys [479448 2014-12-05] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVENG.SYS [95704 2014-12-08] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVEX15.SYS [1636696 2014-12-08] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2014-08-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-08-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-11-12] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2014-08-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-08-26] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 19:29 - 2014-12-16 20:17 - 00053918 _____ () C:\OTL.Txt
2014-12-16 15:44 - 2014-12-16 15:45 - 00000000 ____D () C:\FRST
2014-12-11 01:20 - 2014-12-11 01:20 - 00691924 _____ () C:\Users\diseck\AppData\Roaming\loadit.exe
2014-12-11 01:20 - 2014-12-11 01:20 - 00000032 _____ () C:\Users\diseck\AppData\Roaming\url.txt
2014-12-11 01:14 - 2014-12-06 00:10 - 102609385 _____ () C:\Users\diseck\AppData\Roaming\autostarter.exe
2014-12-10 14:35 - 2014-12-10 14:35 - 00000000 ____D () C:\Users\diseck\AppData\Local\PDF24
2014-12-10 14:34 - 2014-12-10 14:34 - 00001823 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-12-10 14:34 - 2014-12-10 14:34 - 00001803 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\Program Files\PDF24
2014-12-10 14:29 - 2014-12-10 14:32 - 16342352 _____ (Geek Software GmbH ) C:\Users\diseck\Downloads\pdf24-creator-6.9.2.exe
2014-12-10 14:04 - 2014-12-10 14:04 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel (1).xlsx
2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieUserList
2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieSiteList
2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieBrowserModeList
2014-12-10 09:27 - 2014-12-10 09:27 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel.xlsx
2014-12-04 23:47 - 2014-12-05 14:59 - 00000000 ____D () C:\Users\diseck\Documents\Daten Wichtig
2014-12-04 12:45 - 2014-12-04 12:45 - 00015192 _____ () C:\Users\diseck\Desktop\1.Januar 2013.ods
2014-12-04 12:11 - 2014-12-08 15:22 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-04 12:11 - 2014-12-04 12:11 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-04 12:10 - 2014-12-04 12:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-04 12:10 - 2014-12-04 12:10 - 00000000 ____D () C:\Program Files\Adobe
2014-12-04 12:09 - 2014-12-04 12:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-04 12:08 - 2014-12-04 12:12 - 00000000 ____D () C:\Users\diseck\AppData\Local\Adobe
2014-12-02 18:03 - 2014-12-02 18:03 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\WinRAR
2014-11-25 00:52 - 2014-11-25 00:52 - 00000000 ____D () C:\Users\diseck\AppData\Local\CrashDumps
2014-11-23 17:37 - 2014-11-23 17:37 - 00011844 _____ () C:\Users\diseck\Downloads\Verpflegungsmehraufwand Mai 2014.xlsx
2014-11-23 14:28 - 2014-11-23 14:28 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-11-23 14:28 - 2014-11-23 14:28 - 00000000 ____D () C:\Program Files\epson
2014-11-23 14:28 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2014-11-23 14:28 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\Windows\System32\escdev.dll
2014-11-23 14:28 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\System32\eswiaud.dll
2014-11-23 14:22 - 2014-11-23 14:23 - 12872704 _____ () C:\Users\diseck\Downloads\epson323810eu.exe
2014-11-22 22:42 - 2008-08-08 02:09 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_FLBFDE.DLL
2014-11-22 22:42 - 2007-12-07 02:01 - 00078848 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_FD4BFDE.DLL
2014-11-22 22:42 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\System32\E_DCINST.DLL
2014-11-22 22:41 - 2014-11-22 22:43 - 00000000 ____D () C:\ProgramData\EPSON
2014-11-22 22:40 - 2014-11-22 22:40 - 15605760 _____ () C:\Users\diseck\Downloads\epson323813eu.exe
2014-11-22 22:36 - 2014-11-22 22:36 - 00012615 _____ () C:\Users\diseck\Desktop\Unbenannt 1.odt
2014-11-19 12:24 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 12:24 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-18 22:28 - 2014-12-09 20:15 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\vlc
2014-11-18 22:28 - 2014-11-18 22:28 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-18 22:27 - 2014-11-18 22:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-18 22:26 - 2014-11-18 22:27 - 24743106 _____ () C:\Users\diseck\Downloads\vlc-2.1.5-win32.exe
2014-11-18 12:45 - 2014-11-18 12:45 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-18 12:44 - 2014-11-18 12:44 - 01857192 _____ () C:\Users\diseck\Downloads\wrar511d.exe
2014-11-18 12:31 - 2014-12-11 01:20 - 00000000 ____D () C:\Users\diseck\Documents\UseNeXT
2014-11-18 12:31 - 2014-12-11 01:19 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\UseNeXT
2014-11-18 12:31 - 2014-12-09 01:00 - 00000000 ____D () C:\Program Files\UseNeXT
2014-11-18 12:31 - 2014-11-21 11:28 - 00001807 _____ () C:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk
2014-11-18 12:31 - 2014-11-18 12:31 - 00064024 _____ () C:\Users\diseck\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-18 12:30 - 2014-11-18 12:30 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\diseck\Downloads\UseNeXTSetup_5.63.exe
2014-11-17 11:47 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-11-17 10:46 - 2014-11-17 10:46 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-17 10:31 - 2014-11-17 10:31 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\OpenOffice
2014-11-17 10:20 - 2014-11-17 10:20 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-11-17 10:19 - 2014-11-17 10:20 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-11-17 10:14 - 2014-11-17 10:14 - 00000000 ____D () C:\Users\diseck\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-11-17 10:12 - 2014-11-17 10:14 - 164858324 _____ () C:\Users\diseck\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-11-17 10:11 - 2014-11-17 10:11 - 00038262 _____ () C:\Users\diseck\Downloads\Stock_Car_2014_Stock_Car_Licht_Stundenzettel (1).xlsx
2014-11-17 09:55 - 2014-11-17 09:55 - 00001667 _____ () C:\Users\diseck\Desktop\Rechnung3.lnk
2014-11-17 09:55 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-11-17 09:55 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2014-11-17 09:55 - 2012-02-11 06:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2014-11-17 09:55 - 2011-03-11 06:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2014-11-17 09:55 - 2011-03-11 06:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2014-11-17 09:55 - 2011-03-11 06:38 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2014-11-17 09:55 - 2011-03-11 06:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2014-11-17 09:55 - 2011-03-11 06:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2014-11-17 09:55 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\System32\esent.dll
2014-11-17 09:55 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2014-11-17 09:55 - 2011-03-11 05:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2014-11-17 09:54 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-17 09:54 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2014-11-17 09:54 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2014-11-17 09:54 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2014-11-17 09:54 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2014-11-17 09:54 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2014-11-17 09:54 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\System32\locale.nls
2014-11-17 09:54 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-11-17 09:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-11-17 09:54 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-11-17 09:51 - 2014-11-17 09:55 - 00000000 ____D () C:\Softwarenetz
2014-11-17 09:51 - 2014-11-17 09:51 - 00001667 _____ () C:\Users\diseck\Desktop\Rechnung5.lnk
2014-11-17 09:51 - 2011-07-06 07:32 - 00181344 _____ (SoftwareNetz) C:\Windows\snui.exe
2014-11-17 09:48 - 2014-11-17 09:49 - 08500928 _____ () C:\Users\diseck\Downloads\snrech5.exe
2014-11-17 09:48 - 2014-11-17 09:48 - 06612064 _____ () C:\Users\diseck\Downloads\snrech3.exe
2014-11-17 09:45 - 2014-12-04 12:17 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\Adobe
2014-11-16 02:01 - 2014-11-16 02:01 - 19781632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 12819456 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 04298240 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-16 02:01 - 2014-11-16 02:01 - 02277376 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 02051072 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-16 02:01 - 2014-11-16 02:01 - 01892864 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 01310208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00708096 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2014-11-16 02:01 - 2014-11-16 02:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00341168 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2014-11-16 02:01 - 2014-11-16 02:01 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2014-11-16 02:01 - 2014-11-16 02:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2014-11-16 02:01 - 2014-11-16 02:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-11-16 02:01 - 2014-11-16 02:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 19:27 - 2014-11-12 18:49 - 00000000 ____D () C:\users\diseck
2014-12-15 01:31 - 2014-11-12 22:19 - 00000110 _____ () C:\.dir
2014-12-15 01:30 - 2009-07-14 05:39 - 00031721 _____ () C:\Windows\setupact.log
2014-12-15 01:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-12-11 10:09 - 2014-11-12 18:41 - 01481238 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 01:21 - 2009-07-14 05:34 - 00027248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 01:21 - 2009-07-14 05:34 - 00027248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 08:55 - 2014-11-12 22:10 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-08 15:33 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-08 15:22 - 2014-11-12 21:01 - 00000000 ____D () C:\ProgramData\Norton
2014-12-08 15:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\wfp
2014-12-08 15:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-12-03 11:43 - 2010-11-20 22:48 - 00009768 _____ () C:\Windows\PFRO.log
2014-11-25 00:52 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-24 23:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-23 14:28 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2014-11-19 12:18 - 2009-07-14 05:33 - 00286616 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-18 15:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-11-18 00:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-11-17 10:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-17 10:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-16 02:04 - 2014-11-14 11:15 - 00040527 _____ () C:\Windows\IE11_main.log

Some content of TEMP:
====================
C:\Users\diseck\AppData\Local\Temp\i4jdel0.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-11-14 10:00] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-12-03 20:11:36
Restore point made on: 2014-12-11 10:09:38

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2042.93 MB
Available physical RAM: 1626.26 MB
Total Pagefile: 2042.93 MB
Available Pagefile: 1626.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:138.94 GB) (Free:106.2 GB) NTFS
Drive e: () (Fixed) (Total:135.05 GB) (Free:107.05 GB) NTFS
Drive f: () (Fixed) (Total:24 GB) (Free:23.91 GB) NTFS
Drive g: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive h: (KINGSTON) (Removable) (Total:29.26 GB) (Free:29.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E5598D59)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=138.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: 2F12F716)
Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)


LastRegBack: 2014-12-05 02:24

==================== End Of Log ============================
--- --- ---

--- --- ---

Warlord711 16.12.2014 15:55
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\diseck\...\Winlogon: [Userinit] C:\Users\diseck\AppData\Roaming\loadit.exe [691924 2014-12-11] ()
HKU\diseck\...\Winlogon: [Shell] C:\Users\diseck\AppData\Roaming\loadit.exe [691924 2014-12-11] () <==== ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Danach den Rechner normal starten.

MickeyMonday 16.12.2014 16:07
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-12-2014 01
Ran by SYSTEM at 2014-12-16 16:05:03 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\diseck\...\Winlogon: [Userinit] C:\Users\diseck\AppData\Roaming\loadit.exe [691924 2014-12-11] ()
HKU\diseck\...\Winlogon: [Shell] C:\Users\diseck\AppData\Roaming\loadit.exe [691924 2014-12-11] () <==== ATTENTION
*****************

HKU\diseck\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully.
HKU\diseck\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.

==== End of Fixlog ====

Warlord711 16.12.2014 16:24
Wenn der Rechner wieder normal gestartet ist, mach nen frisches FRST Log:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


MickeyMonday 16.12.2014 16:35
ich hab den Rechner jetzt normal gestartet, kann aber leider immer noch nichts sehen außer den Sperrbildschirm, der ist jetzt aber nicht mehr weiß, sondern da steht etwas von der GVU!

Warlord711 16.12.2014 16:46
Nanu ?

Kannst mir nochmal über OTLPE ein FRST-Log erstellen ?

MickeyMonday 16.12.2014 23:48
Na klar!


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by SYSTEM on REATOGO on 16-12-2014 23:42:55
Running from D:\
Platform: WIN_XP (X86) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is missing.

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)


==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 2042.86 MB
Available physical RAM: 1822.36 MB
Total Pagefile: 1873.58 MB
Available Pagefile: 1804.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.11 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive d: (KINGSTON) (Removable) (Total:29.26 GB) (Free:27.29 GB) FAT32
Drive e: () (Fixed) (Total:138.94 GB) (Free:105.99 GB) NTFS
Drive f: () (Fixed) (Total:135.05 GB) (Free:107.05 GB) NTFS
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: 2F12F716)
Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E5598D59)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=138.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

[/CODE]

Warlord711 17.12.2014 09:13
Hmm also da stimmt was nicht, er hat das System nicht gefunden.

Kannst evlt nochmal machen ? Also neu von OTLPE booten und nen FRST Scan machen.
Schau dann bitte gleich mal ins Log ob erneut:
Zitat:
Attention: Could not load system hive.
Attention: System hive is missing.
im Log steht.

Falls ja, versuch mal testweise mit dem OTL nen Scan zu erstellen und poste das dann.

MickeyMonday 17.12.2014 13:48
Hallo,


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by SYSTEM on REATOGO on 17-12-2014 13:40:15
Running from F:\
Platform: Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKU\diseck\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\diseck\...\RunOnce: [Application Restart #0] => C:\Windows\System32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)
HKU\diseck\...\RunOnce: [Application Restart #1] => C:\Program Files\Internet Explorer\iexplore.exe [815280 2014-11-26] (Microsoft Corporation)
HKU\diseck\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-08] (Google Inc.)
Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2014-03-17] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141203.001_cc9\BHDrvx86.sys [1138392 2014-12-02] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-08-26] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-08-26] (Symantec Corporation)
S1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141209.001\IDSvix86.sys [479448 2014-12-05] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVENG.SYS [95704 2014-12-07] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVEX15.SYS [1636696 2014-12-07] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2014-08-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-11-12] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2014-08-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-08-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 17:15 - 2014-12-16 17:15 - 00000000 ____D () C:\Windows\System32\appraiser
2014-12-16 13:29 - 2014-12-17 13:32 - 00063020 _____ () C:\OTL.Txt
2014-12-16 11:32 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-12-16 11:32 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-12-16 11:32 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2014-12-16 11:32 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-12-16 11:32 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2014-12-16 09:44 - 2014-12-16 10:05 - 00000000 ____D () C:\FRST
2014-12-10 19:20 - 2014-12-16 17:24 - 00000032 _____ () C:\Users\diseck\AppData\Roaming\url.txt
2014-12-10 19:20 - 2014-12-10 19:20 - 00691924 _____ () C:\Users\diseck\AppData\Roaming\loadit.exe
2014-12-10 19:14 - 2014-12-05 18:10 - 102609385 _____ () C:\Users\diseck\AppData\Roaming\autostarter.exe
2014-12-10 08:35 - 2014-12-10 08:35 - 00000000 ____D () C:\Users\diseck\AppData\Local\PDF24
2014-12-10 08:34 - 2014-12-10 08:34 - 00001823 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-12-10 08:34 - 2014-12-10 08:34 - 00001803 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk
2014-12-10 08:34 - 2014-12-10 08:34 - 00000000 ____D () C:\Program Files\PDF24
2014-12-10 08:29 - 2014-12-10 08:32 - 16342352 _____ (Geek Software GmbH ) C:\Users\diseck\Downloads\pdf24-creator-6.9.2.exe
2014-12-10 08:04 - 2014-12-10 08:04 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel (1).xlsx
2014-12-10 07:37 - 2014-12-10 07:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieUserList
2014-12-10 07:37 - 2014-12-10 07:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieSiteList
2014-12-10 07:37 - 2014-12-10 07:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieBrowserModeList
2014-12-10 03:27 - 2014-12-10 03:27 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel.xlsx
2014-12-10 02:52 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2014-12-10 02:52 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2014-12-10 02:52 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-12-10 02:52 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2014-12-10 02:52 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-12-10 02:52 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2014-12-10 02:52 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-12-10 02:52 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2014-12-10 02:52 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-12-10 02:52 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-12-10 02:52 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-12-10 02:52 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-12-10 02:52 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-12-10 02:52 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-12-10 02:52 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-12-10 02:52 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-12-10 02:52 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-12-10 02:52 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-12-10 02:52 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-12-10 02:52 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-12-10 02:52 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-12-10 02:52 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-12-10 02:52 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-12-10 02:52 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-10 02:52 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-12-10 02:52 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-12-10 02:52 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-12-10 02:52 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-12-10 02:52 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-12-10 02:52 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-12-10 02:52 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-12-10 02:52 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-12-10 02:52 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-12-10 02:52 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-12-10 02:52 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-12-10 02:52 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-12-10 02:52 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-12-10 02:52 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-12-10 02:52 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-12-10 02:52 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2014-12-10 02:51 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-12-10 02:51 - 2014-10-29 20:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-12-10 02:51 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2014-12-04 17:47 - 2014-12-05 08:59 - 00000000 ____D () C:\Users\diseck\Documents\Daten Wichtig
2014-12-04 06:45 - 2014-12-04 06:45 - 00015192 _____ () C:\Users\diseck\Desktop\1.Januar 2013.ods
2014-12-04 06:11 - 2014-12-08 09:22 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-04 06:10 - 2014-12-04 06:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-04 06:10 - 2014-12-04 06:10 - 00000000 ____D () C:\Program Files\Adobe
2014-12-04 06:08 - 2014-12-04 06:12 - 00000000 ____D () C:\Users\diseck\AppData\Local\Adobe
2014-12-02 12:03 - 2014-12-02 12:03 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\WinRAR
2014-11-24 18:52 - 2014-11-24 18:52 - 00000000 ____D () C:\Users\diseck\AppData\Local\CrashDumps
2014-11-23 11:37 - 2014-11-23 11:37 - 00011844 _____ () C:\Users\diseck\Downloads\Verpflegungsmehraufwand Mai 2014.xlsx
2014-11-23 08:28 - 2014-11-23 08:28 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-11-23 08:28 - 2014-11-23 08:28 - 00000000 ____D () C:\Program Files\epson
2014-11-23 08:28 - 2009-04-30 18:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2014-11-23 08:28 - 2009-04-30 18:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\Windows\System32\escdev.dll
2014-11-23 08:28 - 2008-11-16 18:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\System32\eswiaud.dll
2014-11-23 08:22 - 2014-11-23 08:23 - 12872704 _____ () C:\Users\diseck\Downloads\epson323810eu.exe
2014-11-22 16:42 - 2008-08-07 20:09 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_FLBFDE.DLL
2014-11-22 16:42 - 2007-12-06 20:01 - 00078848 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_FD4BFDE.DLL
2014-11-22 16:42 - 2007-04-09 19:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\System32\E_DCINST.DLL
2014-11-22 16:40 - 2014-11-22 16:40 - 15605760 _____ () C:\Users\diseck\Downloads\epson323813eu.exe
2014-11-22 16:36 - 2014-11-22 16:36 - 00012615 _____ () C:\Users\diseck\Desktop\Unbenannt 1.odt
2014-11-19 06:24 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 06:24 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-18 16:28 - 2014-12-09 14:15 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\vlc
2014-11-18 16:28 - 2014-11-18 16:28 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-18 16:27 - 2014-11-18 16:27 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-18 16:26 - 2014-11-18 16:27 - 24743106 _____ () C:\Users\diseck\Downloads\vlc-2.1.5-win32.exe
2014-11-18 06:45 - 2014-11-18 06:45 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-18 06:44 - 2014-11-18 06:44 - 01857192 _____ () C:\Users\diseck\Downloads\wrar511d.exe
2014-11-18 06:31 - 2014-12-10 19:20 - 00000000 ____D () C:\Users\diseck\Documents\UseNeXT
2014-11-18 06:31 - 2014-12-10 19:19 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\UseNeXT
2014-11-18 06:31 - 2014-12-08 19:00 - 00000000 ____D () C:\Program Files\UseNeXT
2014-11-18 06:31 - 2014-11-21 05:28 - 00001807 _____ () C:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk
2014-11-18 06:31 - 2014-11-18 06:31 - 00064024 _____ () C:\Users\diseck\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-18 06:30 - 2014-11-18 06:30 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\diseck\Downloads\UseNeXTSetup_5.63.exe
2014-11-17 05:47 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-11-17 04:46 - 2014-11-17 04:46 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-17 04:31 - 2014-11-17 04:31 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\OpenOffice
2014-11-17 04:20 - 2014-11-17 04:20 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-11-17 04:19 - 2014-11-17 04:20 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-11-17 04:14 - 2014-11-17 04:14 - 00000000 ____D () C:\Users\diseck\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-11-17 04:12 - 2014-11-17 04:14 - 164858324 _____ () C:\Users\diseck\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-11-17 04:11 - 2014-11-17 04:11 - 00038262 _____ () C:\Users\diseck\Downloads\Stock_Car_2014_Stock_Car_Licht_Stundenzettel (1).xlsx
2014-11-17 03:55 - 2014-11-17 03:55 - 00001667 _____ () C:\Users\diseck\Desktop\Rechnung3.lnk
2014-11-17 03:55 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2014-11-17 03:55 - 2012-02-11 00:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2014-11-17 03:55 - 2011-03-11 00:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2014-11-17 03:55 - 2011-03-11 00:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2014-11-17 03:55 - 2011-03-11 00:38 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2014-11-17 03:55 - 2011-03-11 00:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2014-11-17 03:55 - 2011-03-11 00:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2014-11-17 03:55 - 2011-03-11 00:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\System32\esent.dll
2014-11-17 03:55 - 2011-03-11 00:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2014-11-17 03:55 - 2011-03-10 23:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2014-11-17 03:54 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2014-11-17 03:54 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2014-11-17 03:54 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2014-11-17 03:54 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2014-11-17 03:54 - 2014-07-08 20:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2014-11-17 03:54 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\System32\locale.nls
2014-11-17 03:54 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-11-17 03:54 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-11-17 03:54 - 2011-02-25 00:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-11-17 03:51 - 2014-11-17 03:55 - 00000000 ____D () C:\Softwarenetz
2014-11-17 03:51 - 2014-11-17 03:51 - 00001667 _____ () C:\Users\diseck\Desktop\Rechnung5.lnk
2014-11-17 03:51 - 2011-07-06 01:32 - 00181344 _____ (SoftwareNetz) C:\Windows\snui.exe
2014-11-17 03:48 - 2014-11-17 03:49 - 08500928 _____ () C:\Users\diseck\Downloads\snrech5.exe
2014-11-17 03:48 - 2014-11-17 03:48 - 06612064 _____ () C:\Users\diseck\Downloads\snrech3.exe
2014-11-17 03:45 - 2014-12-04 06:17 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 17:29 - 2014-11-12 12:41 - 01558663 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 17:29 - 2009-07-13 23:39 - 00032057 _____ () C:\Windows\setupact.log
2014-12-16 17:26 - 2014-11-12 16:19 - 00000110 _____ () C:\.dir
2014-12-16 17:17 - 2009-07-13 23:34 - 00027248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 17:17 - 2009-07-13 23:34 - 00027248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 17:15 - 2014-11-15 08:14 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-12-16 17:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-12-16 17:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-16 10:32 - 2010-11-20 16:01 - 01618320 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-16 10:27 - 2014-11-12 12:49 - 00000000 ____D () C:\users\diseck
2014-12-14 19:28 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-12-10 02:55 - 2014-11-12 16:10 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-08 09:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\wfp
2014-12-08 09:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-12-03 05:43 - 2010-11-20 16:48 - 00009768 _____ () C:\Windows\PFRO.log
2014-11-24 18:52 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-24 17:36 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-23 08:28 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\twain_32
2014-11-19 06:18 - 2009-07-13 23:33 - 00286616 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-18 09:05 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-17 04:30 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-17 04:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

Some content of TEMP:
====================
C:\Users\diseck\AppData\Local\Temp\i4jdel0.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-11-14 04:00] - [2014-07-16 20:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-12-03 14:11:36
Restore point made on: 2014-12-11 04:09:38
Restore point made on: 2014-12-16 10:32:27

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2042.86 MB
Available physical RAM: 1760.28 MB
Total Pagefile: 1873.57 MB
Available Pagefile: 1800.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.87 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:138.94 GB) (Free:105.99 GB) NTFS
Drive e: () (Fixed) (Total:135.05 GB) (Free:107.05 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:29.26 GB) (Free:27.29 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E5598D59)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=138.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: 2F12F716)
Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)


LastRegBack: 2014-12-04 20:24

==================== End Of Log ============================
--- --- ---

--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 12/17/2014 1:30:42 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 74.34 Mb Free Space | 74.35% Space Free | Partition Type: NTFS
Drive D: | 138.94 Gb Total Space | 105.99 Gb Free Space | 76.28% Space Free | Partition Type: NTFS
Drive E: | 135.05 Gb Total Space | 107.05 Gb Free Space | 79.27% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2014/11/21 20:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/09/21 05:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe -- (NIS)
SRV - [2014/03/17 18:52:40 | 000,327,680 | ---- | M] () [Auto] -- D:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/09/21 09:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/09/21 09:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/12/07 19:23:35 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/12/07 19:23:35 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\NAVENG.SYS -- (NAVENG)
DRV - [2014/12/05 12:33:54 | 000,479,448 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141209.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/12/02 19:45:46 | 001,138,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141203.001_cc9\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/11/12 15:04:35 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/08/26 15:08:29 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/08/26 15:08:28 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/25 21:26:58 | 000,447,704 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\SYMNETS.SYS -- (SymNetS)
DRV - [2014/08/25 21:26:57 | 000,936,152 | R--- | M] (Symantec Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\NIS\1506000.020\SymEFA.sys -- (SymEFA)
DRV - [2014/08/25 21:26:57 | 000,063,576 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2014/08/25 21:26:56 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\NIS\1506000.020\SymDS.sys -- (SymDS)
DRV - [2014/08/25 21:20:22 | 000,664,792 | R--- | M] (Symantec Corporation) [File_System | On_Demand] -- D:\Windows\system32\drivers\NIS\1506000.020\SRTSP.SYS -- (SRTSP)
DRV - [2014/08/25 21:20:22 | 000,032,984 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2014/08/06 14:48:16 | 000,209,624 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS -- (SymIRON)
DRV - [2014/02/20 18:14:34 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys -- (ccSet_NIS)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/15 06:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/08/11 06:58:30 | 000,488,448 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/06 11:16:00 | 009,824,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/27 09:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\diseck_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
IE - HKU\diseck_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\diseck_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 83 BD F4 B1 FE CF 01  [binary data]
IE - HKU\diseck_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: D:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF [2014/11/12 15:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn\ [2014/12/16 17:28:57 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\diseck_ON_D\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] D:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] D:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\diseck_ON_D..\Run: [EPSON SX210 Series] D:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\diseck_ON_D..\RunOnce: [Application Restart #0] D:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKU\diseck_ON_D..\RunOnce: [Application Restart #2] D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk ()
O4 - Startup: D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
O4 - Startup: D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/16 17:15:13 | 000,000,000 | ---D | C] -- D:\Windows\System32\appraiser
[2014/12/16 11:32:44 | 000,023,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfpmp.exe
[2014/12/16 11:32:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mferror.dll
[2014/12/16 11:32:42 | 003,209,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mf.dll
[2014/12/16 11:32:42 | 000,103,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfps.dll
[2014/12/16 11:32:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rrinstaller.exe
[2014/12/16 09:44:48 | 000,000,000 | ---D | C] -- D:\FRST
[2014/12/10 08:35:38 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\PDF24
[2014/12/10 08:34:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2014/12/10 08:34:04 | 000,000,000 | ---D | C] -- D:\Program Files\PDF24
[2014/12/10 08:33:56 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\Programs
[2014/12/10 07:37:49 | 000,000,000 | -HSD | C] -- D:\Users\diseck\AppData\Local\EmieUserList
[2014/12/10 07:37:49 | 000,000,000 | -HSD | C] -- D:\Users\diseck\AppData\Local\EmieSiteList
[2014/12/10 07:37:49 | 000,000,000 | -HSD | C] -- D:\Users\diseck\AppData\Local\EmieBrowserModeList
[2014/12/10 02:52:22 | 001,160,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aitstatic.exe
[2014/12/10 02:52:22 | 000,873,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aeinv.dll
[2014/12/10 02:52:22 | 000,728,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\appraiser.dll
[2014/12/10 02:52:22 | 000,610,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\invagent.dll
[2014/12/10 02:52:22 | 000,159,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aepic.dll
[2014/12/10 02:52:21 | 000,337,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\generaltel.dll
[2014/12/10 02:52:21 | 000,315,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\devinv.dll
[2014/12/10 02:52:21 | 000,202,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aepdu.dll
[2014/12/10 02:52:18 | 000,102,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollector.exe
[2014/12/10 02:52:18 | 000,060,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/12/10 02:52:18 | 000,047,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieetwproxystub.dll
[2014/12/10 02:52:17 | 000,667,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2014/12/10 02:52:17 | 000,620,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9diag.dll
[2014/12/10 02:52:17 | 000,501,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2014/12/10 02:52:17 | 000,418,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2014/12/10 02:52:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2014/12/10 02:52:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2014/12/10 02:52:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollectorres.dll
[2014/12/10 02:52:15 | 000,285,696 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2014/12/10 02:52:14 | 000,478,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2014/12/10 02:52:13 | 001,155,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2014/12/10 02:52:13 | 000,064,000 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MshtmlDac.dll
[2014/12/10 02:52:11 | 004,299,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2014/12/10 02:52:07 | 000,710,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2014/12/10 02:52:07 | 000,688,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2014/12/10 02:52:07 | 000,684,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2014/12/10 02:52:07 | 000,342,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iedkcs32.dll
[2014/12/10 02:52:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2014/12/10 02:52:06 | 002,724,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2014/12/10 02:52:05 | 002,052,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2014/12/10 02:52:05 | 000,168,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2014/12/10 02:52:05 | 000,062,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2014/12/10 02:51:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll
[2014/12/04 17:47:33 | 000,000,000 | ---D | C] -- D:\Users\diseck\Documents\Daten Wichtig
[2014/12/04 06:11:33 | 000,000,000 | ---D | C] -- D:\ProgramData\McAfee
[2014/12/04 06:11:32 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee Security Scan
[2014/12/04 06:10:03 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe
[2014/12/04 06:10:03 | 000,000,000 | ---D | C] -- D:\Program Files\Adobe
[2014/12/04 06:09:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Adobe
[2014/12/04 06:08:25 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\Adobe
[2014/12/02 12:03:43 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\WinRAR
[2014/11/24 18:52:22 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\CrashDumps
[2014/11/23 11:15:18 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Local\Diagnostics
[2014/11/23 08:28:13 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- D:\Windows\System32\eswiaud.dll
[2014/11/23 08:28:13 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- D:\Windows\System32\esdevapp.exe
[2014/11/23 08:28:13 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- D:\Windows\System32\escdev.dll
[2014/11/23 08:28:12 | 000,000,000 | ---D | C] -- D:\Program Files\epson
[2014/11/22 16:43:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/11/22 16:42:35 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- D:\Windows\System32\E_FLBFDE.DLL
[2014/11/22 16:42:35 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- D:\Windows\System32\E_DCINST.DLL
[2014/11/22 16:42:34 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- D:\Windows\System32\E_FD4BFDE.DLL
[2014/11/22 16:42:33 | 000,000,000 | ---D | C] -- D:\Windows\System32\DRVSTORE
[2014/11/22 16:41:13 | 000,000,000 | ---D | C] -- D:\ProgramData\EPSON
[2014/11/18 16:28:46 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\vlc
[2014/11/18 16:28:31 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/11/18 16:27:50 | 000,000,000 | ---D | C] -- D:\Program Files\VideoLAN
[2014/11/18 06:45:49 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/11/18 06:45:48 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/11/18 06:45:43 | 000,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2014/11/18 06:31:26 | 000,000,000 | ---D | C] -- D:\Users\diseck\Documents\UseNeXT
[2014/11/18 06:31:25 | 000,000,000 | ---D | C] -- D:\Users\diseck\AppData\Roaming\UseNeXT
[2014/11/18 06:31:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2014/11/18 06:31:15 | 000,000,000 | ---D | C] -- D:\Program Files\UseNeXT
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/16 17:30:02 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2014/12/16 17:26:33 | 000,000,110 | ---- | M] () -- D:\.dir
[2014/12/16 17:26:08 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/16 17:25:47 | 1606,623,232 | -HS- | M] () -- D:\hiberfil.sys
[2014/12/16 17:23:00 | 000,001,098 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/16 17:17:57 | 000,027,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 17:17:57 | 000,027,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 10:32:53 | 000,698,926 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2014/12/16 10:32:53 | 000,653,724 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2014/12/16 10:32:53 | 000,149,034 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2014/12/16 10:32:53 | 000,121,596 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2014/12/10 19:20:17 | 000,000,681 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2014/12/10 19:20:04 | 000,691,924 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\loadit.exe
[2014/12/10 19:14:19 | 000,000,708 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
[2014/12/10 08:34:08 | 000,001,823 | ---- | M] () -- D:\Users\Public\Desktop\PDF24 Creator.lnk
[2014/12/10 08:34:08 | 000,001,803 | ---- | M] () -- D:\Users\Public\Desktop\PDF24 Fax.lnk
[2014/12/10 08:34:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2014/12/10 02:55:16 | 000,002,121 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/05 18:10:25 | 102,609,385 | ---- | M] () -- D:\Users\diseck\AppData\Roaming\autostarter.exe
[2014/12/04 06:45:54 | 000,015,192 | ---- | M] () -- D:\Users\diseck\Desktop\1.Januar 2013.ods
[2014/12/03 23:38:59 | 000,337,920 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\generaltel.dll
[2014/12/03 23:38:45 | 000,610,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\invagent.dll
[2014/12/03 23:38:40 | 000,315,392 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\devinv.dll
[2014/12/03 23:38:37 | 000,728,576 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\appraiser.dll
[2014/12/03 23:38:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\aepdu.dll
[2014/12/03 23:38:36 | 000,159,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\aepic.dll
[2014/12/03 23:34:13 | 000,873,984 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\aeinv.dll
[2014/12/01 18:28:26 | 001,160,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\aitstatic.exe
[2014/11/26 20:10:45 | 000,342,200 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iedkcs32.dll
[2014/11/23 08:28:15 | 000,000,934 | ---- | M] () -- D:\Users\Public\Desktop\EPSON Scan.lnk
[2014/11/23 08:28:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/11/22 16:36:18 | 000,012,615 | ---- | M] () -- D:\Users\diseck\Desktop\Unbenannt 1.odt
[2014/11/21 21:20:44 | 002,724,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2014/11/21 21:20:30 | 000,004,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollectorres.dll
[2014/11/21 21:07:43 | 000,501,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2014/11/21 21:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2014/11/21 21:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieetwproxystub.dll
[2014/11/21 21:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MshtmlDac.dll
[2014/11/21 20:59:42 | 000,047,104 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2014/11/21 20:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2014/11/21 20:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2014/11/21 20:55:16 | 000,115,712 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2014/11/21 20:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollector.exe
[2014/11/21 20:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9diag.dll
[2014/11/21 20:48:26 | 000,667,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/21 20:45:18 | 000,418,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2014/11/21 20:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/11/21 20:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2014/11/21 20:33:22 | 000,285,696 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2014/11/21 20:29:26 | 004,299,264 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2014/11/21 20:23:48 | 000,688,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2014/11/21 20:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2014/11/21 20:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2014/11/21 20:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2014/11/21 19:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2014/11/21 05:28:17 | 000,001,807 | ---- | M] () -- D:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk
[2014/11/21 05:28:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2014/11/19 06:18:29 | 000,286,616 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2014/11/18 16:28:31 | 000,001,028 | ---- | M] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2014/11/18 16:28:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/11/18 06:45:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
 
========== Files Created - No Company Name ==========
 
[2014/12/10 19:20:16 | 000,000,681 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2014/12/10 19:20:03 | 000,691,924 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\loadit.exe
[2014/12/10 19:14:19 | 000,000,708 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
[2014/12/10 19:14:17 | 102,609,385 | ---- | C] () -- D:\Users\diseck\AppData\Roaming\autostarter.exe
[2014/12/10 08:34:08 | 000,001,823 | ---- | C] () -- D:\Users\Public\Desktop\PDF24 Creator.lnk
[2014/12/10 08:34:08 | 000,001,803 | ---- | C] () -- D:\Users\Public\Desktop\PDF24 Fax.lnk
[2014/12/04 06:45:50 | 000,015,192 | ---- | C] () -- D:\Users\diseck\Desktop\1.Januar 2013.ods
[2014/11/23 08:28:15 | 000,000,934 | ---- | C] () -- D:\Users\Public\Desktop\EPSON Scan.lnk
[2014/11/22 16:36:15 | 000,012,615 | ---- | C] () -- D:\Users\diseck\Desktop\Unbenannt 1.odt
[2014/11/18 16:28:31 | 000,001,028 | ---- | C] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2014/11/18 06:31:15 | 000,001,807 | ---- | C] () -- D:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk
[2011/04/11 20:30:05 | 000,698,926 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2011/04/11 20:30:05 | 000,149,034 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2009/07/14 06:29:50 | 000,006,088 | ---- | C] () -- D:\Windows\System32\drivers\CDConfig.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,286,616 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,653,724 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,121,596 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2014/11/22 16:43:55 | 000,000,000 | ---D | M] -- D:\ProgramData\EPSON
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2014/11/12 12:49:39 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2009/07/13 23:53:46 | 000,012,224 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

[/CODE]

Warlord711 17.12.2014 15:23
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
D:\Users\diseck\AppData\Roaming\autostarter.exe
D:\Users\diseck\AppData\Roaming\loadit.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Und danach erneut versuchen, den Rechner normal zu starten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:13 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131