Pests of all kinds and how to fight them: VLC downloaded from the wrong site.. Windows 7

15.01.2014, 10:40 | #1
VLC downloaded from the wrong site..

Hello everyone, here I am again. A few days ago I downloaded VLC from VLC.de. Now I have noticed that there is a "Startseite" (home page) icon on my desktop. (Now and then I have also seen this page in the browser, but somehow that did not surprise me much.) Actually I just wanted to uninstall the whole thing, but while googling I saw that it may well be a trojan or something similar. Can someone perhaps help me get rid of this stuff? (And I had only just reinstalled Windows 8 and was glad to finally be able to be 100% sure that there is nothing bad on it.. oh well.) I read in another thread that one should run OTL, so I have already done that in case it helps you. Many, many thanks in advance! Best regards

Code:
OTL logfile created on: 15.01.2014 10:12:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Prinzessin\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,59% Memory free
4,65 Gb Paging File | 3,27 Gb Available in Paging File | 70,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,17 Gb Total Space | 800,94 Gb Free Space | 86,01% Space Free | Partition Type: NTFS

Computer Name: LILLI | User Name: Prinzessin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.01.15 10:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Prinzessin\Desktop\OTL.exe
PRC - [2013.12.18 02:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.11.26 21:48:28 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013.11.20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013.09.14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013.07.22 10:09:08 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.14 16:30:10 | 000,978,240 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
PRC - [2012.08.14 16:12:44 | 000,192,530 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
PRC - [2012.08.14 16:05:26 | 000,073,746 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
PRC - [2006.09.12 23:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
PRC - [2004.06.13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE

========== Modules (No Company Name) ==========

MOD - [2013.12.18 02:01:12 | 003,558,400 | ---- | M] () -- C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.09.14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013.09.14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013.08.23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.04.21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.04.21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.08.16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013.06.24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.05.04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014.01.01 21:47:27 | 000,119,920 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.14 16:05:26 | 000,073,746 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe -- (FA_Scheduler)
SRV - [2012.07.26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2004.06.13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.10.10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013.10.05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.10.02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.08.16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013.08.10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.07.02 01:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.07.01 23:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.19 06:46:20 | 000,447,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.14 16:32:30 | 000,046,888 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\FortiRdr2.sys -- (FortiRdr)
DRV:64bit: - [2012.08.14 16:32:28 | 000,126,760 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fortips.sys -- (Fortips)
DRV:64bit: - [2012.08.14 16:32:10 | 000,015,656 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fortiapd.sys -- (fortiapd)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.25 23:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.29 03:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.02 15:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012.06.02 15:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2011.09.09 08:21:26 | 000,023,928 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\FortiFilter.sys -- (FortiFilter)
DRV:64bit: - [2011.03.21 12:54:24 | 000,016,928 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ftvnic.sys -- (ft_vnic)
DRV:64bit: - [2009.06.25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rimspx64.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {20B1356B-8C0D-4BA9-907C-B5A739CC1D05}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{20B1356B-8C0D-4BA9-907C-B5A739CC1D05}: "URL" = hxxp://www.sm.de/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 CA 91 9E FC 03 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {20B1356B-8C0D-4BA9-907C-B5A739CC1D05}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{20B1356B-8C0D-4BA9-907C-B5A739CC1D05}: "URL" = hxxp://www.sm.de/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0a1
FF - prefs.js..network.proxy.http: "proxy.fh-brandenburg.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 29.0a1\extensions\\Components: C:\Program Files (x86)\Nightly\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 29.0a1\extensions\\Plugins: C:\Program Files (x86)\Nightly\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Nightly 29.0a1\extensions\\Components: C:\Program Files (x86)\Nightly\components
FF - HKEY_CURRENT_USER\software\mozilla\Nightly 29.0a1\extensions\\Plugins: C:\Program Files (x86)\Nightly\plugins

[2013.08.15 18:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prinzessin\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: iCloud-Lesezeichen = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
CHR - Extension: Hola Besseres Internet = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.290_0\
CHR - Extension: Google Wallet = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{179D611B-4400-4760-B24C-281784C0B406}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A2423E-CE5C-4673-BD07-5059F5A97DBC}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CA293A-A3BE-43AE-A169-037BAEB0823B}: DhcpNameServer = *** ***
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit:
{89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - 
"C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014.01.15 10:10:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Prinzessin\Desktop\OTL.exe [2014.01.11 21:21:26 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\AppData\Roaming\vlc [2014.01.11 21:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2014.01.11 21:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2014.01.04 15:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad [2014.01.04 15:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell [2014.01.01 21:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nightly [2014.01.01 18:43:02 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Documents\Kiwilicious [2013.12.29 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Desktop\uploads [2013.12.28 19:51:41 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Documents\XAMPP [2013.12.28 16:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP [2013.12.28 
16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\XAMPP [2013.12.28 16:38:37 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\AppData\Roaming\Helios [2013.12.28 16:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad [2013.12.28 16:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\TextPad 7 [2013.12.27 21:06:08 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12 [2013.12.23 12:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.12.23 12:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.12.23 12:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.12.23 12:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.12.23 12:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.12.23 12:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.12.23 12:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.12.23 12:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ========== Files - Modified Within 30 Days ========== [2014.01.15 10:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Prinzessin\Desktop\OTL.exe [2014.01.15 10:03:17 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.01.15 10:02:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.14 23:53:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.13 17:49:12 | 001,654,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.13 17:49:12 | 000,715,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.13 17:49:12 | 000,674,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.13 17:49:12 | 000,148,046 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat 
[2014.01.13 17:49:12 | 000,124,834 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.11 21:19:56 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2014.01.11 21:18:52 | 000,001,196 | ---- | M] () -- C:\Users\Prinzessin\Desktop\Startfenster.lnk [2014.01.07 10:18:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014.01.04 15:47:12 | 3406,491,648 | -HS- | M] () -- C:\hiberfil.sys [2014.01.04 15:25:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2014.01.01 18:42:41 | 000,000,676 | ---- | M] () -- C:\Users\Prinzessin\Documents\cookie.html [2014.01.01 18:42:40 | 000,000,512 | ---- | M] () -- C:\Users\Prinzessin\Documents\.htaccess [2013.12.29 21:12:11 | 000,027,957 | ---- | M] () -- C:\Users\Prinzessin\Desktop\logo.jpg [2013.12.29 14:34:50 | 000,322,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.12.28 23:00:33 | 008,114,263 | ---- | M] () -- C:\Users\Prinzessin\Desktop\4725693899_2dbf489d5e_o.jpg [2013.12.28 19:57:13 | 000,085,063 | ---- | M] () -- C:\Users\Prinzessin\Desktop\pizzabroetchen.jpg [2013.12.28 18:56:04 | 000,003,495 | ---- | M] () -- C:\Users\Prinzessin\Desktop\wp-config1.php [2013.12.27 23:45:46 | 000,000,071 | ---- | M] () -- C:\Users\Prinzessin\Desktop\index.html [2013.12.27 23:42:51 | 000,000,797 | ---- | M] () -- C:\Users\Prinzessin\Desktop\bodytile2.jpg [2013.12.27 21:06:37 | 000,000,512 | ---- | M] () -- C:\Users\Prinzessin\Desktop\.htaccess.backup [2013.12.23 12:19:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.12.18 22:01:03 | 000,001,016 | ---- | M] () -- C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.12.18 22:00:50 | 000,000,994 | ---- | M] () -- C:\Users\Prinzessin\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2014.01.11 21:19:56 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2014.01.11 21:18:52 | 
000,001,196 | ---- | C] () -- C:\Users\Prinzessin\Desktop\Startfenster.lnk [2014.01.04 15:25:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2014.01.01 18:42:40 | 000,000,676 | ---- | C] () -- C:\Users\Prinzessin\Documents\cookie.html [2014.01.01 18:42:40 | 000,000,512 | ---- | C] () -- C:\Users\Prinzessin\Documents\.htaccess [2013.12.29 21:12:11 | 000,027,957 | ---- | C] () -- C:\Users\Prinzessin\Desktop\logo.jpg [2013.12.29 14:34:40 | 000,322,096 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.12.28 23:00:31 | 008,114,263 | ---- | C] () -- C:\Users\Prinzessin\Desktop\4725693899_2dbf489d5e_o.jpg [2013.12.28 21:19:26 | 000,000,797 | ---- | C] () -- C:\Users\Prinzessin\Desktop\bodytile2.jpg [2013.12.28 19:57:12 | 000,085,063 | ---- | C] () -- C:\Users\Prinzessin\Desktop\pizzabroetchen.jpg [2013.12.28 18:07:17 | 000,000,512 | ---- | C] () -- C:\Users\Prinzessin\Desktop\.htaccess.backup [2013.12.28 16:38:38 | 000,000,961 | ---- | C] () -- C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk [2013.12.27 23:45:46 | 000,000,071 | ---- | C] () -- C:\Users\Prinzessin\Desktop\index.html [2013.12.27 20:56:23 | 000,003,495 | ---- | C] () -- C:\Users\Prinzessin\Desktop\wp-config1.php [2013.12.23 12:19:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.09.15 14:38:16 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.08.22 19:27:42 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2013.08.22 19:27:41 | 000,000,483 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.08.22 19:27:41 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2013.08.15 19:04:00 | 000,000,054 | ---- | C] () -- C:\Users\Prinzessin\.gitconfig [2013.08.15 14:05:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- 
C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.01.15 10:04:27 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\Dropbox [2014.01.01 21:00:12 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\FileZilla [2013.12.28 16:38:37 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\Helios [2013.08.15 19:01:29 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\Sublime Text 2 ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.09.04 17:44:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.08.22 20:15:48 | 000,000,000 | ---D | M] -- C:\dell [2012.07.26 08:22:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2013.08.15 14:07:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.09.24 18:47:22 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.07.26 08:33:46 | 000,000,000 | ---D | M] -- C:\PerfLogs [2014.01.11 21:19:25 | 000,000,000 | R--D | M] -- C:\Program Files [2014.01.04 18:41:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2014.01.04 15:24:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013.08.15 14:07:47 | 000,000,000 | -HSD | M] -- C:\Programme [2013.08.15 19:02:13 | 000,000,000 | ---D | M] -- C:\RailsInstaller [2013.08.16 14:31:33 | 000,000,000 | ---D | M] -- C:\Sites [2014.01.14 20:39:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.08.15 14:15:57 | 000,000,000 | R--D | M] -- C:\Users [2014.01.04 15:24:59 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2012.07.26 04:21:04 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2012.09.20 06:55:30 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2012.09.20 06:55:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2012.07.26 04:21:04 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2012.07.26 04:21:04 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2012.07.26 08:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2013.08.24 16:38:21 | 000,001,126 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.08.24 16:38:23 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\drivers\AGP440.sys [2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\AGP440.sys [2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\AGP440.sys < MD5 for: ATAPI.SYS > [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- 
C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_b733d17ea1e7f604\atapi.sys [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16548_none_36311422ab29f479\atapi.sys [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.20652_none_36a9df45c455182a\atapi.sys < MD5 for: EVENTLOG.DLL > [2013.03.12 16:00:10 | 000,025,600 | ---- | M] () MD5=3296A6B39A35330F1734A79B20B89FDE -- C:\Program Files\XAMPP\perl\vendor\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2013.06.01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe [2013.06.01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe [2013.10.09 12:09:19 | 000,191,911 | ---- | M] () MD5=388F524C675EA9E21090AA17565F28E6 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe [2013.10.09 12:09:32 | 000,190,101 | ---- | M] () MD5=3EC07FE7A58419107E943C79DA27D9A4 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe [2013.10.07 21:20:13 | 000,220,321 | ---- | M] () MD5=8C66151BA74CDE0A7BA0FA462B40F0F0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe [2013.10.09 12:09:26 | 000,191,929 | ---- | M] () 
MD5=950ECF811AB313435E491DAA522CB40B -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe [2013.10.07 21:20:02 | 000,221,955 | ---- | M] () MD5=9D6E440215925FC878DC8433650E3632 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe [2013.10.07 21:20:07 | 000,220,310 | ---- | M] () MD5=B5EC948CBF49AA251543A46706B9118C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe [2013.06.01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe [2013.06.01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe [2013.10.07 21:20:18 | 000,217,360 | ---- | M] () MD5=F1C050040B93B90FEA25EE91344BA1AF -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe [2013.10.09 12:09:13 | 000,193,351 | ---- | M] () MD5=F8EAD819A9F15FCDE3279CB61331FCB0 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe < MD5 for: IASTORV.SYS > [2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\drivers\iaStorV.sys [2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_819876bbe5c3b25f\iaStorV.sys [2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_07daf9dd118c3086\iaStorV.sys < MD5 for: NETLOGON.DLL > [2012.07.26 04:19:22 | 
000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll [2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll < MD5 for: NVSTOR.SYS > [2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\drivers\nvstor.sys [2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys [2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys < MD5 for: SCECLI.DLL > [2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\SysNative\scecli.dll [2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll [2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll [2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- 
C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll < MD5 for: USER32.DLL > [2013.10.08 21:28:41 | 000,001,406 | ---- | M] () MD5=065A5147BB4C2E2C717A367C3D4C4A82 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll [2013.10.09 13:08:06 | 000,000,190 | ---- | M] () MD5=212D1672F2D35824D7BC2EF5B0877FC4 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_3056bdf82b817724\user32.dll [2013.10.09 13:08:08 | 000,000,178 | ---- | M] () MD5=9D511F2BB76DDCD260BDAC6A70091BD3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll [2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\SysNative\user32.dll [2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll [2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\SysWOW64\user32.dll [2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll [2013.10.08 21:28:42 | 000,001,384 | ---- | M] () MD5=F57B5007FE353F0EBB17BC0CD0FA1A35 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_26c9910110105e6f\user32.dll < MD5 for: USERINIT.EXE > [2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe [2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- 
C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe [2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe [2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe < MD5 for: WINLOGON.EXE > [2013.10.09 11:54:39 | 000,053,889 | ---- | M] () MD5=4887091F1F0994D1C0CF79AF5C7435AA -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe [2013.10.09 11:54:40 | 000,053,884 | ---- | M] () MD5=4D93D525452AEF21EA4197F08F18749B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe [2013.10.09 11:54:41 | 000,001,620 | ---- | M] () MD5=A0B9F5CD3C096769860438272D3C2387 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe [2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe [2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe [2013.10.09 11:54:40 | 000,053,876 | ---- | M] () MD5=C501F59F4F60237FC7DCE8D2DF882ADC -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe < MD5 for: WS2IFSL.SYS > [2013.10.09 11:20:07 | 000,000,164 | ---- | M] () MD5=4B0F0ADB1EAF1BC7CC984F82BB0A4CE6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.20521_none_a917c5946a81857e\ws2ifsl.sys [2012.09.20 07:09:50 | 
000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2012.09.20 07:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16420_none_a88d287f5164cc5d\ws2ifsl.sys [2013.10.09 11:20:06 | 000,001,242 | ---- | M] () MD5=F4CEE9072FB6A65C93F387AB7E7D4E5E -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16384_none_a85048395191dc38\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2012.10.11 06:06:08 | 000,550,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2013.08.15 19:04:09 | 000,000,054 | ---- | M] () -- C:\Users\Prinzessin\.gitconfig [2014.01.15 00:02:41 | 001,835,008 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT [2013.08.15 14:15:58 | 000,184,320 | -HS- | M] () -- C:\Users\Prinzessin\ntuser.dat.LOG1 [2013.08.15 14:15:58 | 000,000,000 | -HS- | M] () -- C:\Users\Prinzessin\ntuser.dat.LOG2 [2013.11.21 12:07:52 | 000,065,536 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT{42d1338c-d6ff-11e1-9797-a4badb27af46}.TM.blf [2013.11.21 12:07:52 | 000,524,288 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT{42d1338c-d6ff-11e1-9797-a4badb27af46}.TMContainer00000000000000000001.regtrans-ms [2013.08.15 14:38:10 | 000,524,288 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT{42d1338c-d6ff-11e1-9797-a4badb27af46}.TMContainer00000000000000000002.regtrans-ms [2013.08.15 14:15:58 | 000,000,020 | -HS- | M] () -- C:\Users\Prinzessin\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 15.01.2014 10:12:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Prinzessin\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16750) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,59% Memory free 4,65 Gb Paging File | 3,27 Gb Available in Paging File | 70,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,17 Gb Total Space | 800,94 Gb Free Space | 86,01% Space Free | Partition Type: NTFS Computer Name: LILLI | User Name: Prinzessin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042C0BA9-9709-402F-8D83-27B821296A68}" = rport=137 | protocol=17 | dir=out | app=system |
"{15ECAC88-7A7E-4323-B854-2BBDEFED4248}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{29C4D931-8BF2-47E9-A32D-A1B82E7AD893}" = rport=445 | protocol=6 | dir=out | app=system |
"{34E225EA-BD80-4C13-8F76-31C73B909620}" = lport=137 | protocol=17 | dir=in | app=system |
"{46634876-FBB7-4F6B-8D40-074DE5ABEA0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CA1F5DD-BE8B-4996-ABA3-7BAC07A1DC7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55B8F883-5D69-4B55-9518-603C08A52587}" = rport=139 | protocol=6 | dir=out | app=system |
"{573EAA82-1F2E-4DB0-8903-349CAF2B851A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5B91B34D-73F1-463F-B78D-B242CAAE0636}" = lport=138 | protocol=17 | dir=in | app=system |
"{C3F1A3E4-A0BE-47CC-9F9B-18FCB6549D83}" = lport=139 | protocol=6 | dir=in | app=system |
"{F3B86C5F-1F91-419D-A178-C87E17633C8C}" = rport=138 | protocol=17 | dir=out | app=system |
"{F581B47C-ACFD-4A9F-9209-026A109CE72F}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BFAD8E-0130-41D0-9AF6-5A2764DBB266}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{168EB790-3D3F-4DA9-8990-9134AE65DADC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1A4679AE-FAD1-4692-A371-2F67C3AFC91C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24A492B4-5145-4F37-B353-4FDF851AFE58}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{39F29D94-6826-4123-BB90-9659D63B0D40}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{3FD84C55-6FB6-45CD-91EA-83BE8BED87C1}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\fcmgr.exe |
"{40772D2E-DA20-4E43-BEF0-036E3B2A5A2B}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{424812B1-3AD4-43C4-AC3E-76C0740A88CA}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{42FA766D-939D-4687-B172-570E645C2DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{466E7154-AAD3-4051-BDA9-6A4C1B6153FC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{47ACE3F5-4FEF-43CB-8E5B-E8B1B5E6923A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{47BD74C1-6C5B-4B00-B197-85C6AAA67D45}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79AEDABB-0BF7-44D0-9E17-58351F6D212D}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{79B2ED5A-C51E-46D6-8246-EDBE24904794}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\fortiproxy.exe |
"{7DC86072-3BAF-41E2-BF09-160F0DD8A6EF}" = protocol=17 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe |
"{7E0830CE-CB2A-4970-8C3F-5C4BBB33EF6B}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{832FD417-2B48-4244-8D6B-3EC0E4F78ACD}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{8892383D-1AC0-4224-AC7C-1D1D94F3CB85}" = protocol=6 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe |
"{8C6B77F5-0541-431C-BB97-1521C52F4EC8}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{9D2C5142-E25B-4EC5-98D0-2EB1E24A689B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9DAE4517-D836-402E-A994-4C18165ABF12}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{A31C76C8-8CDC-4B6F-92BB-5593DF35ACE2}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{A47F1BD6-002F-4251-A2C0-261082A92B04}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A520D9FC-A267-41BE-A49D-9ED66E0CD9B2}" = dir=out | name=@{microsoft.bingsports_2.0.0.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{ACF9C4F8-3C3E-4B00-B8C2-EC8EE1607D3C}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B2078B05-0471-4023-849E-5A28BA8EE88A}" = dir=out | name=@{47482gr8escape.breinbrekers_1.70.13264.1_neutral__tdkxbdjykrnnj?ms-resource://47482gr8escape.breinbrekers/resources/appname/text} |
"{B6CD26FE-F978-45F8-8C8C-DAE3ED070A6F}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B6F600A7-D254-4042-BDCB-DB17BD540AB8}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\ipsec.exe |
"{C3A04135-75A5-4D10-BBC5-A9B59E48E4FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C67ABD2B-4F47-485B-8B0F-59B6720A5892}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\fortiwad.exe |
"{CAE80B25-9404-4E6B-BE46-7E1BA2EE87EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D34E4FB6-0BB1-47A1-AB14-6009AC478389}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D5955BB7-78A0-4B67-BCD1-5AFBC7AFF86A}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{D7CE864E-62A4-4EBD-B53A-85D576AA153F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F8C6AA7D-FBD6-4D6D-B6AD-27B773BEE6E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FF83CE2E-9173-4642-9924-4C465F269269}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{37C441E1-59A0-44E2-8BB8-C2EF7B468450}C:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8D95FAF3-B775-4342-B6BD-7221DD53657B}C:\program files\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\xampp\mysql\bin\mysqld.exe |
"TCP Query User{93C27297-718F-472B-ADC6-9E9A28BF5747}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=6 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe |
"TCP Query User{DC0B9CAF-0B8D-4DA6-B0BE-697DAC0FA4BE}C:\program files\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\xampp\apache\bin\httpd.exe |
"UDP Query User{43CD6CB6-A5A7-495D-BACB-B2A53172D8AF}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=17 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe |
"UDP Query User{551F53D1-9F56-4348-A6A3-9D147FF3F070}C:\program files\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\xampp\mysql\bin\mysqld.exe |
"UDP Query User{AD10EA24-30AF-4B95-BB87-7A8A911672B1}C:\program files\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\xampp\apache\bin\httpd.exe |
"UDP Query User{D193A6CD-AB70-4580-B02B-C6547ED1F48E}C:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour-Druckdienste
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B897488-D57A-4BC6-90A1-018F1825E2E5}" = FortiClient
"{52C23381-8FED-4DB0-A07F-CCE9C9061475}" = TextPad 7
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"Sublime Text 2_is1" = Sublime Text 2.0.2
"VLC media player" = VLC media player 2.1.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.7.0
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"FileZilla Client" = FileZilla Client 3.7.3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"JabRef 2.9.2" = JabRef 2.9.2
"MiKTeX 2.9" = MiKTeX 2.9
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nightly 29.0a1 (x86 en-US)" = Nightly 29.0a1 (x86 en-US)
"TeXnicCenter_is1" = TeXnicCenter Version 2.02 Stable
"xampp" = XAMPP

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1" = RailsInstaller 2.2.2
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.01.2014 17:29:20 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.01.2014 17:29:20 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1513

Error - 11.01.2014 17:29:20 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1513

Error - 11.01.2014 17:29:21 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.01.2014 17:29:21 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2979

Error - 11.01.2014 17:29:21 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2979

Error - 13.01.2014 10:31:28 | Computer Name = Lilli | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = The app "microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos" did not start within the expected time.

Error - 14.01.2014 13:56:01 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14.01.2014 13:56:01 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1497

Error - 14.01.2014 13:56:01 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1497

[ System Events ]
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description =

Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description =

Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description =

Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description =

Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description =

Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description =

Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description =

Error - 14.01.2014 12:11:42 | Computer Name = Lilli | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 14.01.2014 13:03:36 | Computer Name = Lilli | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout. This indicates a fault in the EC hardware or firmware, or that the BIOS is accessing the EC incorrectly. Ask the computer manufacturer for an updated BIOS. In some situations this error can cause the computer to malfunction.

Error - 14.01.2014 13:56:02 | Computer Name = Lilli | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =


< End of report >
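The FRST log posted later in this thread shows exactly what the download-portal wrapper left behind: Startfenster.lnk on the desktop and in the Start Menu root one minute before the real VLC files were written, the IE start page and Firefox homepage set to startfenster.de, and the IE default search scope (HKLM and HKCU) pointed at sm.de. The PowerShell script below is an added example, not code from this thread, from the helper or from VideoLAN. It reads the same locations FRST reports on a live Windows machine, resolves every shortcut created in the last N days to its target, lists Chrome extensions from their manifests (FRST prints only the IDs), and checks the installer that was actually run: Authenticode status, signer and SHA-256. The installer path, the 30-day window and the expected signer string `VideoLAN` are assumptions; compare the hash and signer with an installer fetched from videolan.org.

```powershell
# Added example (not from this thread): re-check the artefacts the FRST log reported, on the
# live machine, and verify the downloaded installer. Needs PowerShell 3 or later (Windows 8
# ships 3.0). Installer path, day window and expected signer are assumptions.
param(
    [string]$Installer      = "$env:USERPROFILE\Downloads\vlc-2.1.2-win64.exe",
    [int]$Days              = 30,
    [string]$ExpectedSigner = 'VideoLAN'   # assumption: check against an installer from videolan.org
)

function Get-BrowserHijackIndicators {
    # IE start page and default search scope per hive: the lines FRST prints under "Internet (Whitelisted)".
    foreach ($hive in 'HKCU', 'HKLM') {
        $main = Get-ItemProperty -Path "${hive}:\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
        if ($main -and $main.'Start Page') {
            [pscustomobject]@{ Where = $hive; Item = 'IE Start Page'; Value = $main.'Start Page' }
        }
        $scopes  = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        $default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
        if ($default) {
            $url = (Get-ItemProperty -Path "$scopes\$default" -ErrorAction SilentlyContinue).URL
            [pscustomobject]@{ Where = $hive; Item = "IE DefaultScope $default"; Value = $url }
        }
    }
    # Firefox homepage from prefs.js of every profile (FRST's "FF Homepage" line).
    Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles" -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hit = Select-String -Path $_.FullName -Pattern 'user_pref\("browser\.startup\.homepage",\s*"([^"]*)"' |
                   Select-Object -First 1
            if ($hit) {
                [pscustomobject]@{ Where = $_.Directory.Name; Item = 'FF Homepage'; Value = $hit.Matches[0].Groups[1].Value }
            }
        }
}

function Get-RecentShortcuts {
    # Shortcuts created inside the window, resolved to target and arguments. In the log,
    # Startfenster.lnk sits on the desktop and in the Start Menu root at 21:18, VLC's own
    # "VLC media player.lnk" follows at 21:19: that ordering is the bundling signature.
    $dirs = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        [Environment]::GetFolderPath('Startup')
    )
    $shell = New-Object -ComObject WScript.Shell
    $since = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $dirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since } |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            [pscustomobject]@{ Created = $_.CreationTime; Link = $_.FullName; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
        } | Sort-Object Created
}

function Get-ChromeExtensions {
    # Name, version and requested permissions from each extension's manifest.json.
    $root = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
    Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $manifest = Get-ChildItem -Path $_.FullName -Filter manifest.json -Recurse | Select-Object -First 1
        if ($manifest) {
            $m = Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json
            [pscustomobject]@{ Id = $_.Name; Name = $m.name; Version = $m.version; Installed = $_.CreationTime; Permissions = ($m.permissions -join ', ') }
        }
    }
}

function Test-Installer {
    # Authenticode chain status plus SHA-256 of the file that was executed (PS 3 has no Get-FileHash).
    if (-not (Test-Path -Path $Installer)) { return $null }
    $sig = Get-AuthenticodeSignature -FilePath $Installer
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Installer)
    try { $hash = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' } finally { $fs.Close() }
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    [pscustomobject]@{
        File        = $Installer
        SizeBytes   = (Get-Item -Path $Installer).Length
        Status      = $sig.Status
        Signer      = $signer
        SignerMatch = ($sig.Status -eq 'Valid') -and ($signer -match [regex]::Escape($ExpectedSigner))
        Sha256      = $hash
    }
}

Get-BrowserHijackIndicators | Format-Table -AutoSize
Get-RecentShortcuts         | Format-Table -AutoSize
Get-ChromeExtensions        | Format-Table -AutoSize
Test-Installer              | Format-List
```

Read the output the way the helper reads an FRST log: a start page or DefaultScope URL the user never chose, a .lnk whose target is a browser plus a URL rather than a program, an extension installed on the same day as the download, or an installer whose signature status is not Valid (or whose signer is not the publisher) is the thing to remove or reinstall. A 24 MB file, as in the log, matches the size of a full VLC installer; a wrapper stub would typically be far smaller, but only the hash comparison against videolan.org settles whether the file was modified.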
15.01.2014, 10:57 | #2 |
/// the machine /// TB-Ausbilder | VLC downloaded from the wrong site.. hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties)
15.01.2014, 11:47 | #3 |
| VLC downloaded from the wrong site.. Hello,
Thanks for the quick help. Here are the two logs.
FRST.txt
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Prinzessin (administrator) on LILLI on 15-01-2014 11:44:39
Running from C:\Users\Prinzessin\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Dropbox, Inc.) C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3CA919EFC03CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default
FF Homepage: hxxp://www.startfenster.de
FF NetworkProxy: "http", "proxy.fh-brandenburg.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-08-24]
CHR Extension: (YouTube) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-08-24]
CHR Extension: (Google Search) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-08-24]
CHR Extension: (iCloud Bookmarks) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0 [2013-12-14]
CHR Extension: (Hola Better Internet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.290_0 [2014-01-01]
CHR Extension: (Google Wallet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-26]
CHR Extension: (Gmail) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-08-24]

==================== Services (Whitelisted) =================

U2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
U2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [73746 2012-08-14] (Fortinet Inc.)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) U3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15656 2012-08-14] (Fortinet Inc) U1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [23928 2011-09-09] (Fortinet Inc) U3 Fortips; C:\Windows\System32\drivers\fortips.sys [126760 2012-08-14] (Fortinet Inc) U3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [46888 2012-08-14] (Fortinet Inc) U3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-15 11:44 - 2014-01-15 11:44 - 00011023 _____ C:\Users\Prinzessin\Desktop\FRST.txt 2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST 2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe 2014-01-15 10:31 - 2014-01-15 10:39 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt 2014-01-15 10:31 - 2014-01-15 10:32 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt 2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe 2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc 2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\Desktop\Startfenster.lnk 2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk 2014-01-11 21:01 - 2014-01-11 21:02 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe 2014-01-06 20:39 
- 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip 2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad 2014-01-04 15:24 - 2014-01-04 15:32 - 00004928 _____ C:\Windows\DPINST.LOG 2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell 2014-01-04 15:24 - 2012-09-19 06:46 - 00447864 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys 2014-01-04 15:24 - 2012-05-17 14:08 - 00113048 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll 2014-01-04 15:24 - 2009-07-14 09:51 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-01-04 15:18 - 2014-01-04 15:24 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE 2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe 2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly 2014-01-01 18:43 - 2014-01-01 18:53 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious 2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html 2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess 2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads 2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd 2013-12-28 19:51 - 2014-01-01 18:45 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP 2013-12-28 19:30 - 2013-12-28 
19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml 2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml 2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8 2013-12-28 19:12 - 2013-12-28 19:13 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip 2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php 2013-12-28 18:07 - 2013-12-27 21:06 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup 2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql 2013-12-28 16:50 - 2013-12-28 17:42 - 00000000 ____D C:\Program Files\XAMPP 2013-12-28 16:47 - 2013-12-28 16:48 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe 2013-12-28 16:38 - 2013-12-28 16:43 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7 2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710 2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip 2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip 2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html 2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7 2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D 
C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht 2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip 2013-12-27 21:06 - 2013-12-27 21:10 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12 2013-12-27 20:56 - 2013-12-28 18:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php 2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files\iTunes 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2014-01-15 11:44 - 2014-01-15 11:44 - 00011023 _____ C:\Users\Prinzessin\Desktop\FRST.txt 2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST 2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe 2014-01-15 11:18 - 2013-08-15 14:15 - 02028891 _____ C:\Windows\WindowsUpdate.log 2014-01-15 11:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru 2014-01-15 10:53 - 2013-08-24 16:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-15 10:39 - 2014-01-15 10:31 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt 2014-01-15 10:32 - 2014-01-15 10:31 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt 2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe 2014-01-15 10:08 - 2013-08-15 14:22 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3751189097-2915931777-4004511958-1001 2014-01-15 10:04 - 2013-08-22 17:46 - 00000000 ___RD C:\Users\Prinzessin\Documents\Dropbox 2014-01-15 10:04 - 2013-08-22 17:42 - 00000000 ____D 
C:\Users\Prinzessin\AppData\Roaming\Dropbox 2014-01-15 10:03 - 2013-08-24 16:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-15 10:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2014-01-13 17:49 - 2012-07-26 11:27 - 00715482 _____ C:\Windows\system32\perfh007.dat 2014-01-13 17:49 - 2012-07-26 11:27 - 00148046 _____ C:\Windows\system32\perfc007.dat 2014-01-13 17:49 - 2012-07-26 08:28 - 01654648 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc 2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\Desktop\Startfenster.lnk 2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk 2014-01-11 21:15 - 2013-09-24 18:47 - 00000000 ____D C:\Users\Prinzessin\AppData\Local\Microsoft Help 2014-01-11 21:02 - 2014-01-11 21:01 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe 2014-01-09 12:16 - 2012-07-26 08:21 - 00017735 _____ C:\Windows\setupact.log 2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip 2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic 2014-01-04 18:41 - 2013-08-24 10:56 - 00000000 ____D C:\Program Files (x86)\Nightly.bak 2014-01-04 18:41 - 2013-08-15 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-04 15:47 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-04 15:46 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2014-01-04 15:32 - 2014-01-04 15:24 - 00004928 _____ C:\Windows\DPINST.LOG 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H 
C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad 2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell 2014-01-04 15:24 - 2014-01-04 15:18 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE 2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe 2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly 2014-01-01 21:00 - 2013-12-01 21:33 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\FileZilla 2014-01-01 18:53 - 2014-01-01 18:43 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious 2014-01-01 18:45 - 2013-12-28 19:51 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP 2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html 2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess 2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads 2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd 2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml 2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml 2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8 2013-12-28 19:13 - 2013-12-28 19:12 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip 2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php 2013-12-28 18:56 - 2013-12-27 20:56 - 00003495 _____ 
C:\Users\Prinzessin\Desktop\wp-config1.php 2013-12-28 17:42 - 2013-12-28 16:50 - 00000000 ____D C:\Program Files\XAMPP 2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql 2013-12-28 16:48 - 2013-12-28 16:47 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe 2013-12-28 16:43 - 2013-12-28 16:38 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7 2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710 2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip 2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip 2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html 2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7 2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht 2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip 2013-12-27 21:10 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12 2013-12-27 21:06 - 2013-12-28 18:07 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup 2013-12-23 12:38 - 2013-09-24 18:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D 
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iTunes 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod 2013-12-18 22:01 - 2013-08-15 14:16 - 00000000 ___RD C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-18 22:00 - 2013-08-22 17:46 - 00000994 _____ C:\Users\Prinzessin\Desktop\Dropbox.lnk 2013-12-18 22:00 - 2013-08-22 17:44 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\Prinzessin\AppData\Local\Temp\ose00000.exe C:\Users\Prinzessin\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Prinzessin\AppData\Local\Temp\sqlite3.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-13 18:01 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 Ran by Prinzessin at 2014-01-15 11:45:31 Running from C:\Users\Prinzessin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated) Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Bonjour (Version: 3.0.0.10 - Apple Inc.) Bonjour-Druckdienste (Version: 2.0.2.0 - Apple Inc.) Dell Touchpad (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.) Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.) FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse) FortiClient (Version: 4.3.5.0472 - Fortinet Inc) Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden iCloud (Version: 3.1.0.40 - Apple Inc.) iTunes (Version: 11.1.3.8 - Apple Inc.) JabRef 2.9.2 (x32 Version: 2.9.2 - JabRef Team) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) MiKTeX 
2.9 (x32 Version: 2.9 - MiKTeX.org) Mozilla Maintenance Service (x32 Version: 29.0a1 - Mozilla) Nightly 29.0a1 (x86 en-US) (x32 Version: 29.0a1 - Mozilla) PDF24 Creator 5.7.0 (x32 Version: - PDF24.org) RailsInstaller 2.2.2 (HKCU Version: 2.2.2 - RailsInstaller Team) RICOH Media Driver ver.2.07.01.04 (x32 Version: 2.07.01.04 - RICOH) Sublime Text 2.0.2 (Version: - ) TeXnicCenter Version 2.02 Stable (x32 Version: 2.02 Stable - The TeXnicCenter Team) TextPad 7 (Version: 7.1.0 - Helios) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN) XAMPP (x32 Version: 1.8.3-2 - BitNami) ==================== Restore Points ========================= 28-12-2013 15:37:39 Installed TextPad 7. 
06-01-2014 20:34:35 Geplanter Prüfpunkt 14-01-2014 19:39:41 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {56B273B0-6F12-48C3-9F32-AE2F82709198} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.) Task: {7F03450C-90B3-4689-97A2-25047A3BCB5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.) Task: {82EC5401-92A6-4D8A-860A-215AA77AB561} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {9D912DB4-DC92-4C77-9299-4075563CAB6D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) 
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-16 15:14 - 2013-08-16 15:14 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-08-14 16:05 - 2012-08-14 16:05 - 00323584 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll 2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\libcef.dll 2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll 2013-08-07 20:25 - 
2013-08-07 20:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2013-12-05 21:55 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-05 21:55 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-05 21:55 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-05 21:55 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-05 21:55 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Broadcom NetLink (TM)-Gigabit-Ethernet Description: Broadcom NetLink (TM)-Gigabit-Ethernet Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: k57nd60a Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. 
==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 4060.86 MB Available physical RAM: 1986.84 MB Total Pagefile: 4764.86 MB Available Pagefile: 2514.81 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:800.83 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F4501180) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
16.01.2014, 08:34 | #4 |
/// the machine /// TB-Ausbilder | VLC loaded from the wrong site.. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
18.01.2014, 13:52 | #5 |
| VLC loaded from the wrong site.. Sorry for only getting back to you now. Unfortunately I could not get online with the PC for the last two days. So here are the logs: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.18.02 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 Prinzessin :: LILLI [Administrator] 18.01.2014 13:12:52 mbam-log-2014-01-18 (13-12-52).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205828 Laufzeit: 6 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Prinzessin\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 18/01/2014 um 13:27:13 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 8 Pro (64 bits) # Benutzername : Prinzessin - LILLI # Gestartet von : C:\Users\Prinzessin\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\Prinzessin\Desktop\Startfenster.lnk ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3} ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16537 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v [ Datei : C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default\prefs.js ] Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.startfenster.de"); -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1369 octets] - [18/01/2014 13:25:19] AdwCleaner[S0].txt - [1270 octets] - [18/01/2014 13:27:13] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1330 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 8 Pro x64 Ran by Prinzessin on 18.01.2014 at 13:33:11,39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\Prinzessin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.01.2014 at 13:42:06,11 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 Ran by Prinzessin (administrator) on LILLI on 18-01-2014 13:47:12 Running from C:\Users\Prinzessin\Desktop Windows 8 Pro (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe (brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Dropbox, Inc.) C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3CA919EFC03CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms} BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 FireFox: ======== FF ProfilePath: C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default FF NetworkProxy: "http", "proxy.fh-brandenburg.de" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "type", 4 FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Extension: (Google Docs) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-08-24] CHR Extension: (Google Drive) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-08-24] CHR Extension: (YouTube) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-08-24] CHR Extension: (Google Search) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-08-24] CHR Extension: (iCloud Bookmarks) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0 [2013-12-14] CHR Extension: (Hola Better Internet) - 
C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.395_0 [2014-01-15] CHR Extension: (Google Wallet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-26] CHR Extension: (Gmail) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-08-24] ==================== Services (Whitelisted) ================= U2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) U2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [73746 2012-08-14] (Fortinet Inc.) U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) U3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15656 2012-08-14] (Fortinet Inc) U1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [23928 2011-09-09] (Fortinet Inc) U3 Fortips; C:\Windows\System32\drivers\fortips.sys [126760 2012-08-14] (Fortinet Inc) U3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [46888 2012-08-14] (Fortinet Inc) U3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-18 13:42 - 2014-01-18 13:46 - 00000769 _____ C:\Users\Prinzessin\Desktop\JRT.txt 2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT 2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe 2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt 2014-01-18 13:25 - 2014-01-18 13:27 - 00000000 ____D C:\AdwCleaner 2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-18 13:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe 2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt 2014-01-15 11:44 - 2014-01-18 13:47 - 00009180 _____ C:\Users\Prinzessin\Desktop\FRST.txt 2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST 2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe 2014-01-15 11:08 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-01-15 11:08 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 11:08 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WSShared.dll 2014-01-15 11:08 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 11:08 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2014-01-15 11:08 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2014-01-15 11:08 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2014-01-15 11:08 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys 2014-01-15 11:08 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-01-15 11:08 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-01-15 11:08 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2014-01-15 11:08 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-01-15 11:08 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-01-15 11:08 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-01-15 11:08 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-01-15 10:31 - 2014-01-15 10:39 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt 2014-01-15 10:31 - 2014-01-15 10:32 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt 2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe 2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc 2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 21:01 - 2014-01-11 21:02 - 
24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe 2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip 2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad 2014-01-04 15:24 - 2014-01-04 15:32 - 00004928 _____ C:\Windows\DPINST.LOG 2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell 2014-01-04 15:24 - 2012-09-19 06:46 - 00447864 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys 2014-01-04 15:24 - 2012-05-17 14:08 - 00113048 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll 2014-01-04 15:24 - 2009-07-14 09:51 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-01-04 15:18 - 2014-01-04 15:24 - 69095472 _____ (Dell Inc.) 
C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE 2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe 2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly 2014-01-01 18:43 - 2014-01-01 18:53 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious 2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html 2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess 2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads 2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd 2013-12-28 19:51 - 2014-01-01 18:45 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP 2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml 2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml 2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8 2013-12-28 19:12 - 2013-12-28 19:13 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip 2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php 2013-12-28 18:07 - 2013-12-27 21:06 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup 2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql 2013-12-28 16:50 - 2013-12-28 17:42 - 00000000 ____D C:\Program Files\XAMPP 2013-12-28 16:47 - 2013-12-28 16:48 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe 2013-12-28 16:38 - 
2013-12-28 16:43 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7 2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710 2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip 2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip 2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html 2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7 2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht 2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip 2013-12-27 21:06 - 2013-12-27 21:10 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12 2013-12-27 20:56 - 2013-12-28 18:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php 2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files\iTunes 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2014-01-18 13:47 - 2014-01-15 11:44 - 00009180 _____ C:\Users\Prinzessin\Desktop\FRST.txt 2014-01-18 13:46 - 
2014-01-18 13:42 - 00000769 _____ C:\Users\Prinzessin\Desktop\JRT.txt 2014-01-18 13:46 - 2013-08-15 14:22 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3751189097-2915931777-4004511958-1001 2014-01-18 13:36 - 2013-08-22 17:42 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Dropbox 2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT 2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe 2014-01-18 13:31 - 2013-08-22 17:46 - 00000000 ___RD C:\Users\Prinzessin\Documents\Dropbox 2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt 2014-01-18 13:29 - 2013-08-24 16:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-18 13:29 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-18 13:28 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2014-01-18 13:27 - 2014-01-18 13:25 - 00000000 ____D C:\AdwCleaner 2014-01-18 13:22 - 2013-08-15 14:15 - 01262771 _____ C:\Windows\WindowsUpdate.log 2014-01-18 13:22 - 2013-08-15 14:04 - 00004044 _____ C:\Windows\PFRO.log 2014-01-18 13:11 - 2013-08-22 17:46 - 00000994 _____ C:\Users\Prinzessin\Desktop\Dropbox.lnk 2014-01-18 13:11 - 2013-08-22 17:44 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-18 13:11 - 2013-08-15 14:16 - 00000000 ___RD C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes 
Corporation ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe 2014-01-18 13:04 - 2013-08-15 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-17 17:01 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru 2014-01-17 15:54 - 2013-08-24 16:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-15 12:21 - 2013-09-24 18:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 12:18 - 2013-08-15 18:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 12:18 - 2013-08-15 18:20 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 12:18 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore 2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt 2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST 2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe 2014-01-15 10:39 - 2014-01-15 10:31 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt 2014-01-15 10:32 - 2014-01-15 10:31 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt 2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe 2014-01-15 10:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2014-01-13 17:49 - 2012-07-26 11:27 - 00715482 _____ C:\Windows\system32\perfh007.dat 2014-01-13 17:49 - 2012-07-26 11:27 - 00148046 _____ C:\Windows\system32\perfc007.dat 2014-01-13 17:49 - 2012-07-26 08:28 - 01654648 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc 2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 21:15 - 2013-09-24 18:47 - 00000000 ____D 
C:\Users\Prinzessin\AppData\Local\Microsoft Help 2014-01-11 21:02 - 2014-01-11 21:01 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe 2014-01-09 12:16 - 2012-07-26 08:21 - 00017735 _____ C:\Windows\setupact.log 2014-01-09 09:02 - 2013-11-20 11:36 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-09 09:02 - 2013-11-20 11:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip 2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic 2014-01-04 18:41 - 2013-08-24 10:56 - 00000000 ____D C:\Program Files (x86)\Nightly.bak 2014-01-04 15:32 - 2014-01-04 15:24 - 00004928 _____ C:\Windows\DPINST.LOG 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad 2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell 2014-01-04 15:24 - 2014-01-04 15:18 - 69095472 _____ (Dell Inc.) 
C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE 2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe 2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly 2014-01-01 21:00 - 2013-12-01 21:33 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\FileZilla 2014-01-01 18:53 - 2014-01-01 18:43 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious 2014-01-01 18:45 - 2013-12-28 19:51 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP 2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html 2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess 2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads 2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd 2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml 2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml 2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8 2013-12-28 19:13 - 2013-12-28 19:12 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip 2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php 2013-12-28 18:56 - 2013-12-27 20:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php 2013-12-28 17:42 - 2013-12-28 16:50 - 00000000 ____D C:\Program Files\XAMPP 2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql 2013-12-28 16:48 - 2013-12-28 16:47 - 123794144 _____ 
(BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe 2013-12-28 16:43 - 2013-12-28 16:38 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7 2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710 2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip 2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip 2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html 2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7 2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht 2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip 2013-12-27 21:10 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12 2013-12-27 21:06 - 2013-12-28 18:07 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup 2013-12-23 12:38 - 2013-09-24 18:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iTunes 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D 
C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\Prinzessin\AppData\Local\Temp\ose00000.exe
C:\Users\Prinzessin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Prinzessin\AppData\Local\Temp\Quarantine.exe
C:\Users\Prinzessin\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-17 10:43

==================== End Of Log ============================
--- --- ---
--- --- ---

Many thanks |
19.01.2014, 09:53 | #6 |
/// the machine /// TB-Ausbilder | VLC loaded from the wrong site.. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
19.01.2014, 23:27 | #7 |
| VLC loaded from the wrong site.. Phew, finally everything is scanned. Here are the logs. I don't really have any problems. The Startfenster stuff is all gone. I do have one more question, though. Do I have to, or should I, uninstall the "wrong" VLC player, or can it stay? Eset log: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1a5f6564626fe14681c3925b99680853
# engine=16709
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-19 09:58:07
# local_time=2014-01-19 10:58:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 38406 17452162 0 0
# scanned=232511
# found=0
# cleaned=0
# scan_time=36013
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79
 x64 (UAC is enabled)
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300
 Java 7 Update 45
 Java version out of Date!
 Adobe Reader XI
 Google Chrome 31.0.1650.63
 Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe
 Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04 Ran by Prinzessin (administrator) on LILLI on 19-01-2014 23:21:15 Running from C:\Users\Prinzessin\Desktop Windows 8 Pro (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe (brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe () C:\Program Files (x86)\Google\Update\Install\{FC8C7E33-1531-4429-9F23-3BB717CE4201}\32.0.1700.76_31.0.1650.63_chrome_updater.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe (Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Dropbox, Inc.) C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3CA919EFC03CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms} BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 FireFox: ======== FF ProfilePath: 
C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default FF NetworkProxy: "http", "proxy.fh-brandenburg.de" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "type", 4 FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Extension: (Google Docs) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-24] CHR Extension: (Google Drive) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24] CHR Extension: (YouTube) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24] CHR Extension: (Google-Suche) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-24] CHR Extension: (iCloud-Lesezeichen) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-09] CHR Extension: (Hola Besseres Internet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-09-24] CHR Extension: (Google Wallet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Google Mail) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24] ==================== Services (Whitelisted) ================= U2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) U2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [73746 2012-08-14] (Fortinet Inc.) 
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) U3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15656 2012-08-14] (Fortinet Inc) U1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [23928 2011-09-09] (Fortinet Inc) U3 Fortips; C:\Windows\System32\drivers\fortips.sys [126760 2012-08-14] (Fortinet Inc) U3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [46888 2012-08-14] (Fortinet Inc) U3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-19 23:21 - 2014-01-19 23:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\FRST-OlderVersion 2014-01-19 23:20 - 2014-01-19 23:20 - 00000917 _____ C:\Users\Prinzessin\Desktop\checkup.txt 2014-01-19 23:18 - 2014-01-19 23:18 - 00987425 _____ C:\Users\Prinzessin\Desktop\SecurityCheck.exe 2014-01-19 12:55 - 2014-01-19 12:55 - 02347384 _____ (ESET) C:\Users\Prinzessin\Downloads\esetsmartinstaller_enu.exe 2014-01-18 13:42 - 2014-01-18 13:46 - 00000769 _____ C:\Users\Prinzessin\Desktop\JRT.txt 2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT 2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe 2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt 2014-01-18 13:25 - 2014-01-18 13:27 - 00000000 ____D C:\AdwCleaner 2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 
00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-18 13:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe 2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt 2014-01-15 11:44 - 2014-01-19 23:21 - 00010552 _____ C:\Users\Prinzessin\Desktop\FRST.txt 2014-01-15 11:44 - 2014-01-19 23:21 - 00000000 ____D C:\FRST 2014-01-15 11:43 - 2014-01-19 23:21 - 02076672 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe 2014-01-15 11:08 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-01-15 11:08 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 11:08 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-01-15 11:08 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 11:08 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2014-01-15 11:08 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2014-01-15 11:08 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2014-01-15 11:08 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys 2014-01-15 11:08 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-01-15 11:08 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-01-15 11:08 - 2013-10-13 21:49 - 00100696 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2014-01-15 11:08 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-01-15 11:08 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-01-15 11:08 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-01-15 11:08 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-01-15 10:31 - 2014-01-15 10:39 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt 2014-01-15 10:31 - 2014-01-15 10:32 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt 2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe 2014-01-11 21:21 - 2014-01-19 16:02 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc 2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 21:01 - 2014-01-11 21:02 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe 2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip 2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad 2014-01-04 15:24 - 2014-01-04 15:32 - 00004928 _____ C:\Windows\DPINST.LOG 2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell 2014-01-04 15:24 - 2012-09-19 06:46 - 00447864 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys 2014-01-04 15:24 - 2012-05-17 14:08 - 00113048 _____ (Alps Electric Co., Ltd.) 
C:\Windows\system32\Vxdif.dll 2014-01-04 15:24 - 2009-07-14 09:51 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-01-04 15:18 - 2014-01-04 15:24 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE 2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe 2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly 2014-01-01 18:43 - 2014-01-01 18:53 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious 2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html 2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess 2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads 2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd 2013-12-28 19:51 - 2014-01-01 18:45 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP 2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml 2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml 2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8 2013-12-28 19:12 - 2013-12-28 19:13 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip 2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php 2013-12-28 18:07 - 2013-12-27 21:06 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup 2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql 2013-12-28 16:50 
- 2013-12-28 17:42 - 00000000 ____D C:\Program Files\XAMPP 2013-12-28 16:47 - 2013-12-28 16:48 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe 2013-12-28 16:38 - 2013-12-28 16:43 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7 2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710 2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip 2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip 2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html 2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7 2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht 2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip 2013-12-27 21:06 - 2013-12-27 21:10 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12 2013-12-27 20:56 - 2013-12-28 18:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php 2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files\iTunes 2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-23 12:18 - 2013-12-23 12:18 - 
00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2014-01-19 23:21 - 2014-01-19 23:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\FRST-OlderVersion 2014-01-19 23:21 - 2014-01-15 11:44 - 00010552 _____ C:\Users\Prinzessin\Desktop\FRST.txt 2014-01-19 23:21 - 2014-01-15 11:44 - 00000000 ____D C:\FRST 2014-01-19 23:21 - 2014-01-15 11:43 - 02076672 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe 2014-01-19 23:20 - 2014-01-19 23:20 - 00000917 _____ C:\Users\Prinzessin\Desktop\checkup.txt 2014-01-19 23:18 - 2014-01-19 23:18 - 00987425 _____ C:\Users\Prinzessin\Desktop\SecurityCheck.exe 2014-01-19 23:13 - 2013-08-22 17:42 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Dropbox 2014-01-19 23:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru 2014-01-19 22:53 - 2013-08-24 16:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-19 21:53 - 2013-08-24 16:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-19 16:02 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc 2014-01-19 13:46 - 2013-08-15 14:15 - 01364415 _____ C:\Windows\WindowsUpdate.log 2014-01-19 12:55 - 2014-01-19 12:55 - 02347384 _____ (ESET) C:\Users\Prinzessin\Downloads\esetsmartinstaller_enu.exe 2014-01-18 20:50 - 2012-07-26 11:27 - 00715482 _____ C:\Windows\system32\perfh007.dat 2014-01-18 20:50 - 2012-07-26 11:27 - 00148046 _____ C:\Windows\system32\perfc007.dat 2014-01-18 20:50 - 2012-07-26 08:28 - 01654648 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-18 18:54 - 2013-08-24 16:39 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-18 17:53 - 2013-08-15 14:22 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3751189097-2915931777-4004511958-1001 2014-01-18 17:39 - 2013-08-22 17:46 - 00000000 ___RD C:\Users\Prinzessin\Documents\Dropbox 2014-01-18 13:46 - 2014-01-18 13:42 - 00000769 _____ 
C:\Users\Prinzessin\Desktop\JRT.txt 2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT 2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe 2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt 2014-01-18 13:29 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-18 13:28 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2014-01-18 13:27 - 2014-01-18 13:25 - 00000000 ____D C:\AdwCleaner 2014-01-18 13:22 - 2013-08-15 14:04 - 00004044 _____ C:\Windows\PFRO.log 2014-01-18 13:11 - 2013-08-22 17:46 - 00000994 _____ C:\Users\Prinzessin\Desktop\Dropbox.lnk 2014-01-18 13:11 - 2013-08-22 17:44 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-18 13:11 - 2013-08-15 14:16 - 00000000 ___RD C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe 2014-01-18 13:04 - 2013-08-15 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-15 12:21 - 2013-09-24 18:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 12:20 - 2013-08-15 18:20 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 12:18 - 2013-08-15 18:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 12:18 - 2012-07-26 
09:12 - 00000000 ____D C:\Windows\WinStore 2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt 2014-01-15 10:39 - 2014-01-15 10:31 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt 2014-01-15 10:32 - 2014-01-15 10:31 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt 2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe 2014-01-15 10:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 21:15 - 2013-09-24 18:47 - 00000000 ____D C:\Users\Prinzessin\AppData\Local\Microsoft Help 2014-01-11 21:02 - 2014-01-11 21:01 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe 2014-01-09 12:16 - 2012-07-26 08:21 - 00017735 _____ C:\Windows\setupact.log 2014-01-09 09:02 - 2013-11-20 11:36 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-09 09:02 - 2013-11-20 11:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip 2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic 2014-01-04 18:41 - 2013-08-24 10:56 - 00000000 ____D C:\Program Files (x86)\Nightly.bak 2014-01-04 15:32 - 2014-01-04 15:24 - 00004928 _____ C:\Windows\DPINST.LOG 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf 2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad 2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell 2014-01-04 15:24 - 2014-01-04 15:18 - 69095472 _____ (Dell Inc.) 
C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE 2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe 2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly 2014-01-01 21:00 - 2013-12-01 21:33 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\FileZilla 2014-01-01 18:53 - 2014-01-01 18:43 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious 2014-01-01 18:45 - 2013-12-28 19:51 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP 2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html 2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess 2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads 2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd 2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd 2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml 2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml 2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8 2013-12-28 19:13 - 2013-12-28 19:12 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip 2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php 2013-12-28 18:56 - 2013-12-27 20:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php 2013-12-28 17:42 - 2013-12-28 16:50 - 00000000 ____D C:\Program Files\XAMPP 2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql 2013-12-28 16:48 - 2013-12-28 16:47 - 123794144 _____ 
(BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe 2013-12-28 16:43 - 2013-12-28 16:38 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios 2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7 2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710 2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip 2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip 2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html 2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip 2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7 2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht 2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip 2013-12-27 21:10 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12 2013-12-27 21:06 - 2013-12-28 18:07 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup 2013-12-23 12:38 - 2013-09-24 18:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iTunes 2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D 
C:\Program Files\iPod Some content of TEMP: ==================== C:\Users\Prinzessin\AppData\Local\Temp\ose00000.exe C:\Users\Prinzessin\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Prinzessin\AppData\Local\Temp\Quarantine.exe C:\Users\Prinzessin\AppData\Local\Temp\sqlite3.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-17 10:43 ==================== End Of Log ============================ |
20.01.2014, 22:10 | #8 |
/// the machine /// TB-Ausbilder | VLC downloaded from the wrong site.. That one can stay. Done. If you would like to leave praise or criticism, you can do so here. The order matters here.
Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: other browsers tend to be somewhat more secure than IE, since they do not use ActiveX controls. These can be abused by spyware to infect your system.
Performance: clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.01.2014, 21:57 | #9 |
| VLC downloaded from the wrong site.. All done. Thank you very much once again for the great and quick help |
27.01.2014, 16:11 | #10 |
/// the machine /// TB-Ausbilder | VLC downloaded from the wrong site.. You're welcome