
Log analysis and evaluation: online.loginwinner

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.07.2013, 19:48   #1
harrysan
 

Hello everyone,

I have had the problem named above for about a week.

Once my computer has finished starting up, a website opens in Internet Explorer.
In the address bar I read, among other things: Online.loginwinner etc. blah blah.

Following instructions, I have now run a scan with OTL, and it spits out the following text, which I can't make anything of.

Can someone please explain to me what state my computer is in and what needs to be done???

Many thanks!

OTL Logfile:
Code:
OTL logfile created on: 05.07.2013 20:30:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fujitsu\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 22,17% Memory free
3,95 Gb Paging File | 1,73 Gb Available in Paging File | 43,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 412,46 Gb Free Space | 88,56% Space Free | Partition Type: NTFS
Drive D: | 232,79 Gb Total Space | 162,66 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive E: | 602,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FUJITSU-PC | User Name: Fujitsu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fujitsu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Programme\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
PRC - C:\Programme\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Programme\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
PRC - C:\Programme\BlueStacks\HD-SharedFolder.exe (BlueStack Systems)
PRC - C:\Programme\BlueStacks\HD-BlockDevice.exe (BlueStack Systems)
PRC - C:\Programme\BlueStacks\HD-Network.exe (BlueStack Systems)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2db8b91a7e8afbeb6ab9054b5106e76d\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\d57a64d4d9380a736795eee3558884ec\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\e9e3be409bcdf8a5ee93c2cb52fd8b16\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\21923f64b8f95a5739bc162861ef5031\DeviceStoryAlbum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\3bf70c1b2360308f885dd42c485e1688\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\c6b101d79aa2301fc9bfa663b770d675\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\35c2064b31b185e0e383a7098f674d19\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\a949e391c3a1c0517f7bc8203177e4b7\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\03509c57343d15b04c3e500881468935\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\001283ee4908fe306edc3bb7e51fe482\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\6951958877abfeca12ee544dcbc2baae\StoryAlbumManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\a3e9cc0d7c111e7d26e2a69f4f036cbe\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\477c7cbb61eceeef3a99224a1e01fe83\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\75c7c575f6689e92dddebc4dec03936a\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\98c215519de00140fecea93f7e87d760\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b15c7177336990934904f2a4d00d21c6\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\568318788ecfc9987a25e22210bb3969\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\d24ae78193182f99851ab2358659e07b\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\0f251eba2d65062006a708789162fe58\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3aa8d08a7455381a10b860f4e6f31688\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\df834c343e35a061038e47b4c90d2a76\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a6bca8254ab5bfeeea96b9afab85f7b3\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\2592fcf4d587518cb3115916e7806e00\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\31b845187a60f9a691fc1feabd776f7e\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\334099e2ebfe8d3a68e3aa5dd1eb618a\DeviceCommonLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\0d0137de25181121dc788106727cb711\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\aed0bb697deb98de0a5ee5de1ee4bb21\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d7f78f8f871796b0ebbbc25b4156d684\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\18a5d637fa6a693d15ebaa6959e16dad\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\9be3616211decebc794481994113cdaf\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\76f0bf746b24ffe5fd168acc4d021480\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\908e33acf85416e9ab6f26266152f7ef\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\766a34ab34f3aa3646eb551a409ac168\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\27d42c72dfd22ffa00ae47ea2b66dee0\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\6e7badfd594eb3550f41f8b46150bb7d\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\fb132142a1e27a6d36ba83c77610dcc4\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\915089dd1e5527b679903f9e60185559\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\9832b22c236b2ad18c0f809d6164017b\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\49730b0464662fd6abc7c48ae056dbcf\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\ab1583c63744f2b1823d4b7f5a1d29f1\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\81f9e6e35aef6525350fd43c1aa39e81\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\b2d389d76df5b2143fc6b3638c379dd4\HD-Agent.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ce6b7579fbb77330560e9122d1cf6526\System.Web.ni.dll ()
MOD - C:\Programme\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
MOD - C:\Programme\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Programme\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Programme\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\9bc3c10fc4e362243a5fdc1c660fc2ea\JSON.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BstHdLogRotatorSvc) -- C:\Programme\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (BstHdDrv) -- C:\Programme\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
 
 
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 50 34 4D 3F 53 CE 01  [binary data]
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\..\SearchScopes,DefaultScope = {C9410FED-F443-4133-9E16-30DA94A29D5E}
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\..\SearchScopes\{C9410FED-F443-4133-9E16-30DA94A29D5E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Programme\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1482170188-4151695629-2008753987-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1482170188-4151695629-2008753987-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0447735D-B414-4DD3-BD13-0970384727CD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13140994-023E-451F-93EE-3B72B228E1DD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003.01.17 22:32:20 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003.01.13 22:01:56 | 001,101,824 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.01.13 09:28:00 | 000,002,012 | R--- | M] () - E:\autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.01.13 09:28:00 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8def21cf-bf34-11e2-86b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8def21cf-bf34-11e2-86b0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2003.01.13 22:01:56 | 001,101,824 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.02 22:09:10 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\Documents\Command and Conquer Generals Data
[2013.07.02 21:28:05 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\Documents\Samsung S3
[2013.07.02 21:18:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.07.02 21:18:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.07.02 21:18:08 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\AppData\Local\Samsung
[2013.07.02 21:18:06 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\AppData\Roaming\Samsung
[2013.07.02 21:17:52 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\Documents\samsung
[2013.07.02 21:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.07.02 21:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013.07.02 21:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.07.02 21:12:13 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013.07.02 21:12:01 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013.07.02 21:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.07.02 21:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013.07.02 21:08:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.02 21:01:22 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\Documents\2gb sd datenrettung 02.07.2013
[2013.07.02 19:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.07.02 19:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2013.07.01 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\AppData\Roaming\GrabIt
[2013.07.01 18:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
[2013.07.01 18:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\GrabIt
[2013.07.01 18:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.06.21 17:38:18 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.21 17:38:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.21 17:38:14 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.21 17:38:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.16 16:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.06.16 16:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.06.14 00:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.06.14 00:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.14 00:30:46 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.14 00:30:46 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.14 00:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.14 00:27:09 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\AppData\Roaming\OpenOffice.org
[2013.06.14 00:23:23 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.06.14 00:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2013.06.14 00:21:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.06.14 00:15:52 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\AppData\Local\Downloaded Installations
[2013.06.14 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Fujitsu\AppData\Roaming\DSite
[2013.06.14 00:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.12 16:16:26 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 16:16:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 16:14:23 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 16:14:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 16:14:22 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 16:14:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.12 16:14:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.12 16:14:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.12 16:14:21 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.12 16:14:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 15:39:49 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 15:39:44 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 15:39:39 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 15:39:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 15:39:35 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 15:39:35 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.05 20:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.05 20:15:11 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.07.05 20:15:10 | 000,000,005 | ---- | M] () -- C:\Users\Fujitsu\AppData\Roaming\WBPU-TTL.DAT
[2013.07.05 19:46:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.05 19:04:04 | 000,001,852 | ---- | M] () -- C:\Users\Fujitsu\Desktop\Command & Conquer Generals.lnk
[2013.07.05 18:54:46 | 000,657,074 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.05 18:54:46 | 000,618,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.05 18:54:46 | 000,131,522 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.05 18:54:46 | 000,107,674 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.05 18:53:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 18:53:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 18:47:38 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.05 18:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.05 18:47:13 | 1590,484,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.03 20:28:24 | 000,437,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.02 21:17:36 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.07.02 21:17:36 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.07.02 20:12:23 | 000,000,613 | ---- | M] () -- C:\Windows\eReg.dat
[2013.07.01 18:25:12 | 000,000,941 | ---- | M] () -- C:\Users\Fujitsu\Desktop\GrabIt.lnk
[2013.06.25 15:35:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.06.21 16:47:35 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.16 16:34:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2013.06.16 16:23:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.06.14 21:48:42 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.14 21:48:42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.14 00:45:21 | 000,303,104 | ---- | M] () -- C:\Users\Fujitsu\Documents\Datenbank1.accdb
[2013.06.14 00:33:20 | 000,002,440 | ---- | M] () -- C:\Users\Fujitsu\Documents\Testdatenbank.odb
[2013.06.14 00:27:23 | 000,001,197 | ---- | M] () -- C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.06.14 00:23:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.06.12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.12 21:48:00 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013.07.05 19:04:04 | 000,001,852 | ---- | C] () -- C:\Users\Fujitsu\Desktop\Command & Conquer Generals.lnk
[2013.07.02 21:17:36 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.07.02 21:17:36 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.07.02 20:12:23 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat
[2013.07.01 18:25:12 | 000,000,941 | ---- | C] () -- C:\Users\Fujitsu\Desktop\GrabIt.lnk
[2013.07.01 18:18:15 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.06.25 15:35:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.06.17 18:15:14 | 000,000,005 | ---- | C] () -- C:\Users\Fujitsu\AppData\Roaming\WBPU-TTL.DAT
[2013.06.16 16:34:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2013.06.16 16:23:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.06.14 21:48:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.14 00:41:28 | 000,303,104 | ---- | C] () -- C:\Users\Fujitsu\Documents\Datenbank1.accdb
[2013.06.14 00:28:06 | 000,002,440 | ---- | C] () -- C:\Users\Fujitsu\Documents\Testdatenbank.odb
[2013.06.14 00:27:23 | 000,001,197 | ---- | C] () -- C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.06.14 00:23:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.06.14 00:15:43 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.05.22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.05.22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.05.22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.05.22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.05.19 19:10:55 | 000,007,605 | ---- | C] () -- C:\Users\Fujitsu\AppData\Local\Resmon.ResmonCfg
[2013.05.18 21:49:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.05.18 21:48:07 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.05.17 22:54:26 | 000,369,117 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.11.27 14:51:06 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.11.27 14:51:02 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.11.27 14:51:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.19 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Fujitsu\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2013.06.01 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\Fujitsu\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.06.14 00:15:42 | 000,000,000 | ---D | M] -- C:\Users\Fujitsu\AppData\Roaming\DSite
[2013.07.01 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fujitsu\AppData\Roaming\GrabIt
[2013.06.14 00:27:09 | 000,000,000 | ---D | M] -- C:\Users\Fujitsu\AppData\Roaming\OpenOffice.org
[2013.05.18 21:37:41 | 000,000,000 | ---D | M] -- C:\Users\Fujitsu\AppData\Roaming\Origin
[2013.07.02 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\Fujitsu\AppData\Roaming\Samsung
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

05.07.2013, 20:06   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

05.07.2013, 20:13   #3
harrysan
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Fujitsu (administrator) on 05-07-2013 21:11:44
Running from C:\Users\Fujitsu\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11680400 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-04-11] (BlueStack Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [578560 2013-05-22] (Samsung Electronics)
HKCU\...\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
MountPoints2: {8def21cf-bf34-11e2-86b0-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\Fujitsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Extension: (Google Docs) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Fujitsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-04-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-04-11] (BlueStack Systems, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-04-11] (BlueStack Systems)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [524784 2013-01-14] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-01-14] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-05 21:11 - 2013-07-05 21:11 - 00000000 ____D C:\FRST
2013-07-05 21:10 - 2013-07-05 21:11 - 01373373 ____A (Farbar) C:\Users\Fujitsu\Downloads\FRST.exe
2013-07-05 20:34 - 2013-07-05 20:34 - 00044414 ____A C:\Users\Fujitsu\Downloads\Extras.Txt
2013-07-05 20:33 - 2013-07-05 20:45 - 00085836 ____A C:\Users\Fujitsu\Downloads\OTL.Txt
2013-07-05 20:25 - 2013-07-05 20:26 - 00602112 ____A (OldTimer Tools) C:\Users\Fujitsu\Downloads\OTL.exe
2013-07-05 19:04 - 2013-07-05 19:04 - 00001852 ____A C:\Users\Fujitsu\Desktop\Command & Conquer Generals.lnk
2013-07-02 22:09 - 2013-07-02 22:46 - 00000000 ____D C:\Users\Fujitsu\Documents\Command and Conquer Generals Data
2013-07-02 21:28 - 2013-07-02 21:36 - 00000000 ____D C:\Users\Fujitsu\Documents\Samsung S3
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Samsung
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\Samsung
2013-07-02 21:17 - 2013-07-02 21:17 - 00001952 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-07-02 21:17 - 2013-07-02 21:17 - 00001942 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-07-02 21:17 - 2013-07-02 21:17 - 00000000 ____D C:\Users\Fujitsu\Documents\samsung
2013-07-02 21:13 - 2013-07-02 21:13 - 00000000 ____D C:\Program Files\MyFree Codec
2013-07-02 21:12 - 2013-05-22 20:43 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\System32\dgderapi.dll
2013-07-02 21:12 - 2013-05-22 20:33 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\System32\Redemption.dll
2013-07-02 21:11 - 2013-07-02 21:14 - 00000000 ____D C:\Program Files\Samsung
2013-07-02 21:11 - 2013-07-02 21:13 - 00000000 ____D C:\ProgramData\Samsung
2013-07-02 21:03 - 2013-07-02 21:04 - 69438144 ____A (Samsung Electronics Co., Ltd.                                ) C:\Users\Fujitsu\Downloads\KiesSetup.exe
2013-07-02 21:01 - 2013-07-02 21:05 - 00000000 ____D C:\Users\Fujitsu\Documents\2gb sd datenrettung 02.07.2013
2013-07-02 20:32 - 2013-07-02 20:32 - 03234713 ____A C:\Users\Fujitsu\Downloads\rcsetup147.zip
2013-07-02 20:21 - 2013-07-02 20:21 - 02346920 ____A (LionSea SoftWare                                            ) C:\Users\Fujitsu\Downloads\setup.exe
2013-07-02 20:12 - 2013-07-02 20:12 - 00000613 ____A C:\Windows\eReg.dat
2013-07-02 19:52 - 2013-07-02 19:52 - 00000000 ____D C:\Program Files\EA Games
2013-07-01 19:23 - 2013-07-01 19:24 - 00004332 ____A C:\Users\Fujitsu\Downloads\alleUmsaetzeKTO54717100_20130701.csv
2013-07-01 19:08 - 2013-07-01 19:08 - 00003279 ____A C:\Users\Fujitsu\Downloads\01-avicii-wake_me_up_(radio_edit).mp3.nzb
2013-07-01 18:35 - 2013-07-01 18:35 - 00000597 ____A C:\Users\Fujitsu\Downloads\__nEwZNZB.iNFO.nfo.nzb
2013-07-01 18:30 - 2013-07-01 18:30 - 00105095 ____A C:\Users\Fujitsu\Downloads\000-german_top100_single_charts_24_06_2013-mcg.m3u.nzb
2013-07-01 18:26 - 2013-07-01 18:26 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\GrabIt
2013-07-01 18:25 - 2013-07-01 18:25 - 00000941 ____A C:\Users\Fujitsu\Desktop\GrabIt.lnk
2013-07-01 18:24 - 2013-07-01 18:25 - 00000000 ____D C:\Program Files\GrabIt
2013-07-01 18:16 - 2013-07-01 18:18 - 00000000 ____D C:\Program Files\Windows Live
2013-07-01 18:15 - 2013-07-01 18:15 - 02427820 ____A (Ilan Shemes                                                 ) C:\Users\Fujitsu\Downloads\GrabIt172b.exe
2013-06-28 16:30 - 2013-06-28 16:31 - 142608624 ____A (Microsoft Corporation) C:\Users\Fujitsu\Downloads\wlsetup-all_de_16.4.3505.0912.exe
2013-06-25 15:35 - 2013-06-25 15:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-22 15:13 - 2013-06-22 15:14 - 00000000 ____D C:\Users\Fujitsu\Downloads\tools & stuff
2013-06-21 17:38 - 2013-06-12 21:48 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-21 17:38 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-21 17:38 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-21 17:38 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-21 17:37 - 2013-06-21 17:38 - 00004932 ____A C:\Windows\System32\jupdate-1.7.0_25-b16.log
2013-06-17 18:15 - 2013-07-05 20:15 - 00000005 ____A C:\Users\Fujitsu\AppData\Roaming\WBPU-TTL.DAT
2013-06-16 16:34 - 2013-06-16 16:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point32_01011.Wdf
2013-06-16 16:34 - 2013-06-16 16:34 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-16 16:23 - 2013-06-16 16:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-06-14 21:48 - 2013-07-05 20:24 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-14 00:42 - 2013-06-14 00:42 - 00034578 ____A C:\Users\Fujitsu\Documents\ADA RG 1975 vom 13.6.2013.xlsx
2013-06-14 00:41 - 2013-06-14 00:45 - 00303104 ____A C:\Users\Fujitsu\Documents\Datenbank1.accdb
2013-06-14 00:31 - 2013-06-14 00:31 - 00000000 ____D C:\ProgramData\Sun
2013-06-14 00:31 - 2013-06-14 00:31 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-14 00:30 - 2013-06-21 17:38 - 00000000 ____D C:\Program Files\Java
2013-06-14 00:30 - 2013-06-12 21:48 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-14 00:30 - 2013-06-12 21:48 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-14 00:28 - 2013-06-14 00:33 - 00002440 ____A C:\Users\Fujitsu\Documents\Testdatenbank.odb
2013-06-14 00:27 - 2013-06-14 00:27 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\OpenOffice.org
2013-06-14 00:23 - 2013-06-14 00:23 - 00001130 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-06-14 00:22 - 2013-06-14 00:22 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-06-14 00:21 - 2013-06-14 00:21 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-14 00:15 - 2013-07-05 20:15 - 00000294 ____A C:\Windows\Tasks\DSite.job
2013-06-14 00:15 - 2013-07-02 21:06 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\Downloaded Installations
2013-06-14 00:15 - 2013-06-14 00:15 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\DSite
2013-06-12 16:16 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 16:16 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 16:16 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 16:16 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 16:16 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 16:16 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 16:14 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 16:14 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 16:14 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 16:14 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 16:14 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 16:14 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 16:14 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 16:14 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 16:14 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 16:14 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 15:39 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 15:39 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 15:39 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 15:39 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 15:39 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 15:39 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 15:39 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 15:39 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 15:39 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 15:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 15:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 15:39 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

==================== One Month Modified Files and Folders ========

2013-07-05 21:11 - 2013-07-05 21:11 - 00000000 ____D C:\FRST
2013-07-05 21:11 - 2013-07-05 21:10 - 01373373 ____A (Farbar) C:\Users\Fujitsu\Downloads\FRST.exe
2013-07-05 20:46 - 2013-05-17 23:41 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-05 20:45 - 2013-07-05 20:33 - 00085836 ____A C:\Users\Fujitsu\Downloads\OTL.Txt
2013-07-05 20:34 - 2013-07-05 20:34 - 00044414 ____A C:\Users\Fujitsu\Downloads\Extras.Txt
2013-07-05 20:26 - 2013-07-05 20:25 - 00602112 ____A (OldTimer Tools) C:\Users\Fujitsu\Downloads\OTL.exe
2013-07-05 20:24 - 2013-06-14 21:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-05 20:15 - 2013-06-17 18:15 - 00000005 ____A C:\Users\Fujitsu\AppData\Roaming\WBPU-TTL.DAT
2013-07-05 20:15 - 2013-06-14 00:15 - 00000294 ____A C:\Windows\Tasks\DSite.job
2013-07-05 19:04 - 2013-07-05 19:04 - 00001852 ____A C:\Users\Fujitsu\Desktop\Command & Conquer Generals.lnk
2013-07-05 18:54 - 2013-05-17 21:55 - 01507974 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 18:53 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-05 18:53 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-05 18:52 - 2013-05-17 21:49 - 01865765 ____A C:\Windows\WindowsUpdate.log
2013-07-05 18:47 - 2013-05-18 13:26 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-05 18:47 - 2013-05-17 23:41 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-05 18:47 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-05 18:47 - 2009-07-14 06:39 - 00039823 ____A C:\Windows\setupact.log
2013-07-03 20:38 - 2009-07-14 10:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-03 20:28 - 2009-07-14 06:33 - 00437880 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-02 22:46 - 2013-07-02 22:09 - 00000000 ____D C:\Users\Fujitsu\Documents\Command and Conquer Generals Data
2013-07-02 21:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-02 21:36 - 2013-07-02 21:28 - 00000000 ____D C:\Users\Fujitsu\Documents\Samsung S3
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\Samsung
2013-07-02 21:18 - 2013-07-02 21:18 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\Samsung
2013-07-02 21:17 - 2013-07-02 21:17 - 00001952 ____A C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-07-02 21:17 - 2013-07-02 21:17 - 00001942 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2013-07-02 21:17 - 2013-07-02 21:17 - 00000000 ____D C:\Users\Fujitsu\Documents\samsung
2013-07-02 21:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-07-02 21:14 - 2013-07-02 21:11 - 00000000 ____D C:\Program Files\Samsung
2013-07-02 21:13 - 2013-07-02 21:13 - 00000000 ____D C:\Program Files\MyFree Codec
2013-07-02 21:13 - 2013-07-02 21:11 - 00000000 ____D C:\ProgramData\Samsung
2013-07-02 21:11 - 2013-05-17 22:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-02 21:06 - 2013-06-14 00:15 - 00000000 ____D C:\Users\Fujitsu\AppData\Local\Downloaded Installations
2013-07-02 21:05 - 2013-07-02 21:01 - 00000000 ____D C:\Users\Fujitsu\Documents\2gb sd datenrettung 02.07.2013
2013-07-02 21:04 - 2013-07-02 21:03 - 69438144 ____A (Samsung Electronics Co., Ltd.                                ) C:\Users\Fujitsu\Downloads\KiesSetup.exe
2013-07-02 20:32 - 2013-07-02 20:32 - 03234713 ____A C:\Users\Fujitsu\Downloads\rcsetup147.zip
2013-07-02 20:21 - 2013-07-02 20:21 - 02346920 ____A (LionSea SoftWare                                            ) C:\Users\Fujitsu\Downloads\setup.exe
2013-07-02 20:15 - 2013-05-17 22:35 - 00116072 ____A C:\Users\Fujitsu\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 20:12 - 2013-07-02 20:12 - 00000613 ____A C:\Windows\eReg.dat
2013-07-02 19:52 - 2013-07-02 19:52 - 00000000 ____D C:\Program Files\EA Games
2013-07-02 19:51 - 2013-05-17 22:54 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-07-01 19:24 - 2013-07-01 19:23 - 00004332 ____A C:\Users\Fujitsu\Downloads\alleUmsaetzeKTO54717100_20130701.csv
2013-07-01 19:08 - 2013-07-01 19:08 - 00003279 ____A C:\Users\Fujitsu\Downloads\01-avicii-wake_me_up_(radio_edit).mp3.nzb
2013-07-01 18:35 - 2013-07-01 18:35 - 00000597 ____A C:\Users\Fujitsu\Downloads\__nEwZNZB.iNFO.nfo.nzb
2013-07-01 18:30 - 2013-07-01 18:30 - 00105095 ____A C:\Users\Fujitsu\Downloads\000-german_top100_single_charts_24_06_2013-mcg.m3u.nzb
2013-07-01 18:26 - 2013-07-01 18:26 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\GrabIt
2013-07-01 18:25 - 2013-07-01 18:25 - 00000941 ____A C:\Users\Fujitsu\Desktop\GrabIt.lnk
2013-07-01 18:25 - 2013-07-01 18:24 - 00000000 ____D C:\Program Files\GrabIt
2013-07-01 18:18 - 2013-07-01 18:16 - 00000000 ____D C:\Program Files\Windows Live
2013-07-01 18:15 - 2013-07-01 18:15 - 02427820 ____A (Ilan Shemes                                                 ) C:\Users\Fujitsu\Downloads\GrabIt172b.exe
2013-07-01 18:15 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-06-28 16:31 - 2013-06-28 16:30 - 142608624 ____A (Microsoft Corporation) C:\Users\Fujitsu\Downloads\wlsetup-all_de_16.4.3505.0912.exe
2013-06-25 15:35 - 2013-06-25 15:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-06-22 15:14 - 2013-06-22 15:13 - 00000000 ____D C:\Users\Fujitsu\Downloads\tools & stuff
2013-06-21 20:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-21 17:38 - 2013-06-21 17:37 - 00004932 ____A C:\Windows\System32\jupdate-1.7.0_25-b16.log
2013-06-21 17:38 - 2013-06-14 00:30 - 00000000 ____D C:\Program Files\Java
2013-06-21 16:47 - 2013-05-17 23:44 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 16:34 - 2013-06-16 16:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point32_01011.Wdf
2013-06-16 16:34 - 2013-06-16 16:34 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-16 16:23 - 2013-06-16 16:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-06-14 21:48 - 2013-05-17 23:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-14 21:48 - 2013-05-17 23:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 00:45 - 2013-06-14 00:41 - 00303104 ____A C:\Users\Fujitsu\Documents\Datenbank1.accdb
2013-06-14 00:42 - 2013-06-14 00:42 - 00034578 ____A C:\Users\Fujitsu\Documents\ADA RG 1975 vom 13.6.2013.xlsx
2013-06-14 00:33 - 2013-06-14 00:28 - 00002440 ____A C:\Users\Fujitsu\Documents\Testdatenbank.odb
2013-06-14 00:31 - 2013-06-14 00:31 - 00000000 ____D C:\ProgramData\Sun
2013-06-14 00:31 - 2013-06-14 00:31 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-14 00:27 - 2013-06-14 00:27 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\OpenOffice.org
2013-06-14 00:23 - 2013-06-14 00:23 - 00001130 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-06-14 00:22 - 2013-06-14 00:22 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-06-14 00:21 - 2013-06-14 00:21 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-14 00:21 - 2013-05-17 21:51 - 00000000 ____D C:\users\Fujitsu
2013-06-14 00:15 - 2013-06-14 00:15 - 00000000 ____D C:\Users\Fujitsu\AppData\Roaming\DSite
2013-06-12 21:48 - 2013-06-21 17:38 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-12 21:48 - 2013-06-14 00:30 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-12 21:48 - 2013-06-14 00:30 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-12 21:43 - 2013-06-21 17:38 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-12 21:43 - 2013-06-21 17:38 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-12 21:43 - 2013-06-21 17:38 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-12 19:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 16:17 - 2013-05-17 22:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 16:15 - 2009-10-14 04:21 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 13:42 - 2013-06-12 16:16 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-12 16:16 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-12 16:16 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-12 16:16 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-12 16:16 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-12 16:16 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-28 16:48

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Fujitsu at 2013-07-05 21:12:24
Running from C:\Users\Fujitsu\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 3.7.0.1860)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Badaboom 1.2.1.13 (Version: 1.2.1.13)
Belkin Connect Wireless USB Adapter (Version: 1.0.0.3)
BlueStacks App Player (Version: 0.7.11.879)
BlueStacks Notification Center (Version: 0.7.11.879)
Command & Conquer 3 (Version: 1.00.0000)
Command & Conquer Generals (Version: 0.50.0000)
Command & Conquer™ Alarmstufe Rot 3 Der Aufstand (Version: 1.0.1.0)
D3DX10 (Version: 15.4.2368.0902)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
GrabIt 1.7.2 Beta 6 (build 1008)
Intel(R) Processor Graphics (Version: 9.17.10.2932)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 16.4.3505.0912)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MyFreeCodec
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.1.13.1 (Version: 1.1.13.1)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Origin (Version: 9.1.15.109)
Realtek Ethernet Controller Driver (Version: 7.58.411.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6767)
Samsung Kies (Version: 2.5.3.13052_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Zip Opener
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)

==================== Restore Points  =========================

07-06-2013 16:18:46 Windows Update
09-06-2013 17:00:23 Windows-Sicherung
10-06-2013 19:30:49 Windows Update
12-06-2013 14:13:40 Windows Update
13-06-2013 22:19:36 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
13-06-2013 22:22:09 OpenOffice.org 3.4.1 wird installiert
13-06-2013 22:30:11 Installed Java 7 Update 21
16-06-2013 14:33:17 Windows Update
16-06-2013 15:02:48 Windows Update
17-06-2013 16:11:54 Windows-Sicherung
20-06-2013 22:57:54 Windows Update
21-06-2013 15:37:08 Installed Java 7 Update 25
24-06-2013 14:01:08 Windows-Sicherung
24-06-2013 14:11:31 Windows Update
27-06-2013 17:16:39 Windows Update
01-07-2013 16:13:14 Windows Live Essentials
01-07-2013 16:15:53 Windows-Sicherung
01-07-2013 16:16:39 WLSetup
01-07-2013 16:41:07 Windows Update
02-07-2013 17:51:47 Installiert Command & Conquer Generals
02-07-2013 19:10:31 Installed Samsung Kies
04-07-2013 19:36:14 Windows Update
04-07-2013 19:53:57 Konfiguriert Command & Conquer Generals

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {21B5ACD0-1796-4BFB-A4F6-B13014C6961B} - System32\Tasks\User_Feed_Synchronization-{FAD26D69-4229-426D-A2B8-CEBAA727C868} => C:\Windows\system32\msfeedssync.exe [2013-05-19] (Microsoft Corporation)
Task: {28542B85-A33B-42CC-BF50-0B803FBA483B} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2013-05-17] (Microsoft Corporation)
Task: {35ECF787-A76D-46C8-B0F1-5C690609DC5D} - System32\Tasks\DSite => C:\Users\Fujitsu\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-06-14] ()
Task: {3CB4A6EE-1698-49DB-BED1-6926FDE46648} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3D4E4D66-E507-4852-A9AB-A333A12EDD02} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {44C60B84-D152-4190-B28D-694FF38BAD8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-17] (Google Inc.)
Task: {44FF59B2-7F20-469C-A791-BA6452B3AF92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated)
Task: {47004910-46B1-4020-94B3-42E3E0FF8026} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1482170188-4151695629-2008753987-1000
Task: {4C0C3E68-E17D-42A5-9757-0B98DB31EDAD} - System32\Tasks\4927 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation)
Task: {4FD4E1E0-C7D3-4B19-8F4F-9633D8DAE4E9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {50B8A7C3-51E1-4354-AE55-D8A1112AE8BC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {6020A33C-38F0-45BF-9139-BABA8E596FC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-17] (Google Inc.)
Task: {A4E87966-0281-490D-B886-4B8D59E198F4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {ADDC238A-BF7B-4E8D-847D-D56DD0A105A1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {B10AC56C-82FF-4648-8993-ECE421D10332} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {B90BA056-804B-41A0-9584-0DF52F4C4532} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {B935E98C-63BB-49AF-8B6A-15F954DDF9D2} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {B9A78183-92F4-4A69-B3DB-B80A48D63A16} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BB7235D5-6224-45C3-9A61-67033E23476C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F923A6FE-5D1C-432C-B408-4CEE1B68F8D0} - System32\Tasks\QtraxPlayer => C:\Program Files\Microsoft Silverlight\sllauncher.exe [2013-01-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2013 08:29:05 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b94

Startzeit: 01ce79ad1d6b2278

Endzeit: 23

Anwendungspfad: C:\Users\Fujitsu\Downloads\OTL.exe

Berichts-ID:

Error: (07/05/2013 07:39:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/03/2013 09:10:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/02/2013 10:37:41 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/02/2013 09:14:08 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/02/2013 07:51:46 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f4ff3946-4064-44b6-9a5c-c4591e07865a}

Error: (07/01/2013 06:39:28 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/01/2013 06:13:14 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {74d92320-a08a-46e2-8e57-62a183896d5b}

Error: (06/28/2013 04:48:23 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/24/2013 04:00:00 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (07/02/2013 08:59:28 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR7 gefunden.

Error: (07/02/2013 08:59:27 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR7 gefunden.

Error: (07/02/2013 08:33:22 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (07/02/2013 08:14:32 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (07/02/2013 08:14:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.

Error: (07/02/2013 08:13:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/02/2013 08:13:03 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AeLookupSvc erreicht.

Error: (07/02/2013 08:12:33 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.

Error: (07/02/2013 08:10:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (07/02/2013 08:10:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (05/30/2013 01:10:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1168 seconds with 540 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 83%
Total physical RAM: 2022.41 MB
Available physical RAM: 324.68 MB
Total Pagefile: 4044.82 MB
Available Pagefile: 1527.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:412.38 GB) NTFS
Drive d: () (Fixed) (Total:232.79 GB) (Free:162.66 GB) NTFS
Drive e: (GENERALS1) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 71765B60)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: E69B44D4)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Was that right?
__________________

06.07.2013, 08:46   #4
schrauber
/// the machine
/// TB trainer


Yes

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log file, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
