
Pests of all kinds and how to fight them: VLC downloaded from the wrong site..


15.01.2014, 10:40   #1
stigma
 

VLC downloaded from the wrong site..



Hello everyone,
I'm back here once again.
A few days ago I downloaded VLC from VLC.de. Now I have noticed that there is an icon named "Startseite" (start page) on my desktop. (Now and then I have also seen this page in the browser, but somehow that didn't surprise me much.) Actually I just wanted to uninstall the whole thing, but then while googling I saw that this can apparently also be a Trojan or something similar.
Can someone maybe help me get rid of this stuff? (And I had only just reinstalled Windows 8 and was glad to finally be 100% sure that there is nothing malicious on it.. oh well)
I read in another thread that one should run OTL, so I have already done that in case it helps you.

Many, many thanks in advance!
Best regards

Code:
OTL logfile created on: 15.01.2014 10:12:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Prinzessin\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,59% Memory free
4,65 Gb Paging File | 3,27 Gb Available in Paging File | 70,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,17 Gb Total Space | 800,94 Gb Free Space | 86,01% Space Free | Partition Type: NTFS
 
Computer Name: LILLI | User Name: Prinzessin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.01.15 10:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Prinzessin\Desktop\OTL.exe
PRC - [2013.12.18 02:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.11.26 21:48:28 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013.11.20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013.09.14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013.07.22 10:09:08 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.14 16:30:10 | 000,978,240 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
PRC - [2012.08.14 16:12:44 | 000,192,530 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
PRC - [2012.08.14 16:05:26 | 000,073,746 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
PRC - [2006.09.12 23:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
PRC - [2004.06.13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.12.18 02:01:12 | 003,558,400 | ---- | M] () -- C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.09.14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013.09.14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013.08.23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.04.21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.04.21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.08.16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013.06.24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013.06.01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.05.04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014.01.01 21:47:27 | 000,119,920 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.14 16:05:26 | 000,073,746 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe -- (FA_Scheduler)
SRV - [2012.07.26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2004.06.13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.10.10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013.10.05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.10.02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.08.16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013.08.10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.07.09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013.07.02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.07.02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.07.02 01:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.07.01 23:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.06.29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.03.02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.19 06:46:20 | 000,447,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.14 16:32:30 | 000,046,888 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\FortiRdr2.sys -- (FortiRdr)
DRV:64bit: - [2012.08.14 16:32:28 | 000,126,760 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fortips.sys -- (Fortips)
DRV:64bit: - [2012.08.14 16:32:10 | 000,015,656 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fortiapd.sys -- (fortiapd)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.25 23:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.29 03:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.02 15:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012.06.02 15:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2011.09.09 08:21:26 | 000,023,928 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\FortiFilter.sys -- (FortiFilter)
DRV:64bit: - [2011.03.21 12:54:24 | 000,016,928 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ftvnic.sys -- (ft_vnic)
DRV:64bit: - [2009.06.25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\rimspx64.sys -- (rimsptsk)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {20B1356B-8C0D-4BA9-907C-B5A739CC1D05}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{20B1356B-8C0D-4BA9-907C-B5A739CC1D05}: "URL" = hxxp://www.sm.de/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 CA 91 9E FC 03 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {20B1356B-8C0D-4BA9-907C-B5A739CC1D05}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{20B1356B-8C0D-4BA9-907C-B5A739CC1D05}: "URL" = hxxp://www.sm.de/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0a1
FF - prefs.js..network.proxy.http: "proxy.fh-brandenburg.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 29.0a1\extensions\\Components: C:\Program Files (x86)\Nightly\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 29.0a1\extensions\\Plugins: C:\Program Files (x86)\Nightly\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Nightly 29.0a1\extensions\\Components: C:\Program Files (x86)\Nightly\components
FF - HKEY_CURRENT_USER\software\mozilla\Nightly 29.0a1\extensions\\Plugins: C:\Program Files (x86)\Nightly\plugins
 
[2013.08.15 18:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prinzessin\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: iCloud-Lesezeichen = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
CHR - Extension: Hola Besseres Internet = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.290_0\
CHR - Extension: Google Wallet = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{179D611B-4400-4760-B24C-281784C0B406}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A2423E-CE5C-4673-BD07-5059F5A97DBC}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CA293A-A3BE-43AE-A169-037BAEB0823B}: DhcpNameServer = *** ***
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.01.15 10:10:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Prinzessin\Desktop\OTL.exe
[2014.01.11 21:21:26 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\AppData\Roaming\vlc
[2014.01.11 21:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014.01.11 21:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014.01.04 15:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2014.01.04 15:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2014.01.01 21:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nightly
[2014.01.01 18:43:02 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Documents\Kiwilicious
[2013.12.29 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Desktop\uploads
[2013.12.28 19:51:41 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Documents\XAMPP
[2013.12.28 16:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
[2013.12.28 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\XAMPP
[2013.12.28 16:38:37 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\AppData\Roaming\Helios
[2013.12.28 16:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad
[2013.12.28 16:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\TextPad 7
[2013.12.27 21:06:08 | 000,000,000 | ---D | C] -- C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12
[2013.12.23 12:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.12.23 12:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.12.23 12:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.12.23 12:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.12.23 12:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.12.23 12:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.12.23 12:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.12.23 12:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.15 10:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Prinzessin\Desktop\OTL.exe
[2014.01.15 10:03:17 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.15 10:02:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.14 23:53:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.13 17:49:12 | 001,654,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.01.13 17:49:12 | 000,715,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.01.13 17:49:12 | 000,674,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.01.13 17:49:12 | 000,148,046 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.01.13 17:49:12 | 000,124,834 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.01.11 21:19:56 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014.01.11 21:18:52 | 000,001,196 | ---- | M] () -- C:\Users\Prinzessin\Desktop\Startfenster.lnk
[2014.01.07 10:18:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.01.04 15:47:12 | 3406,491,648 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.04 15:25:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2014.01.01 18:42:41 | 000,000,676 | ---- | M] () -- C:\Users\Prinzessin\Documents\cookie.html
[2014.01.01 18:42:40 | 000,000,512 | ---- | M] () -- C:\Users\Prinzessin\Documents\.htaccess
[2013.12.29 21:12:11 | 000,027,957 | ---- | M] () -- C:\Users\Prinzessin\Desktop\logo.jpg
[2013.12.29 14:34:50 | 000,322,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.28 23:00:33 | 008,114,263 | ---- | M] () -- C:\Users\Prinzessin\Desktop\4725693899_2dbf489d5e_o.jpg
[2013.12.28 19:57:13 | 000,085,063 | ---- | M] () -- C:\Users\Prinzessin\Desktop\pizzabroetchen.jpg
[2013.12.28 18:56:04 | 000,003,495 | ---- | M] () -- C:\Users\Prinzessin\Desktop\wp-config1.php
[2013.12.27 23:45:46 | 000,000,071 | ---- | M] () -- C:\Users\Prinzessin\Desktop\index.html
[2013.12.27 23:42:51 | 000,000,797 | ---- | M] () -- C:\Users\Prinzessin\Desktop\bodytile2.jpg
[2013.12.27 21:06:37 | 000,000,512 | ---- | M] () -- C:\Users\Prinzessin\Desktop\.htaccess.backup
[2013.12.23 12:19:32 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.12.18 22:01:03 | 000,001,016 | ---- | M] () -- C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.18 22:00:50 | 000,000,994 | ---- | M] () -- C:\Users\Prinzessin\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2014.01.11 21:19:56 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014.01.11 21:18:52 | 000,001,196 | ---- | C] () -- C:\Users\Prinzessin\Desktop\Startfenster.lnk
[2014.01.04 15:25:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2014.01.01 18:42:40 | 000,000,676 | ---- | C] () -- C:\Users\Prinzessin\Documents\cookie.html
[2014.01.01 18:42:40 | 000,000,512 | ---- | C] () -- C:\Users\Prinzessin\Documents\.htaccess
[2013.12.29 21:12:11 | 000,027,957 | ---- | C] () -- C:\Users\Prinzessin\Desktop\logo.jpg
[2013.12.29 14:34:40 | 000,322,096 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.28 23:00:31 | 008,114,263 | ---- | C] () -- C:\Users\Prinzessin\Desktop\4725693899_2dbf489d5e_o.jpg
[2013.12.28 21:19:26 | 000,000,797 | ---- | C] () -- C:\Users\Prinzessin\Desktop\bodytile2.jpg
[2013.12.28 19:57:12 | 000,085,063 | ---- | C] () -- C:\Users\Prinzessin\Desktop\pizzabroetchen.jpg
[2013.12.28 18:07:17 | 000,000,512 | ---- | C] () -- C:\Users\Prinzessin\Desktop\.htaccess.backup
[2013.12.28 16:38:38 | 000,000,961 | ---- | C] () -- C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
[2013.12.27 23:45:46 | 000,000,071 | ---- | C] () -- C:\Users\Prinzessin\Desktop\index.html
[2013.12.27 20:56:23 | 000,003,495 | ---- | C] () -- C:\Users\Prinzessin\Desktop\wp-config1.php
[2013.12.23 12:19:32 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.09.15 14:38:16 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.08.22 19:27:42 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2013.08.22 19:27:41 | 000,000,483 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.08.22 19:27:41 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.08.15 19:04:00 | 000,000,054 | ---- | C] () -- C:\Users\Prinzessin\.gitconfig
[2013.08.15 14:05:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.08.02 07:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.08.02 06:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.01.15 10:04:27 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\Dropbox
[2014.01.01 21:00:12 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\FileZilla
[2013.12.28 16:38:37 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\Helios
[2013.08.15 19:01:29 | 000,000,000 | ---D | M] -- C:\Users\Prinzessin\AppData\Roaming\Sublime Text 2
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.09.04 17:44:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.08.22 20:15:48 | 000,000,000 | ---D | M] -- C:\dell
[2012.07.26 08:22:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.08.15 14:07:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.09.24 18:47:22 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.26 08:33:46 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2014.01.11 21:19:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2014.01.04 18:41:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2014.01.04 15:24:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.08.15 14:07:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.08.15 19:02:13 | 000,000,000 | ---D | M] -- C:\RailsInstaller
[2013.08.16 14:31:33 | 000,000,000 | ---D | M] -- C:\Sites
[2014.01.14 20:39:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.08.15 14:15:57 | 000,000,000 | R--D | M] -- C:\Users
[2014.01.04 15:24:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2012.07.26 04:21:04 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2012.09.20 06:55:30 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2012.09.20 06:55:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2012.07.26 04:21:04 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2012.07.26 04:21:04 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2012.07.26 08:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.08.24 16:38:21 | 000,001,126 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.08.24 16:38:23 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\drivers\AGP440.sys
[2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\AGP440.sys
[2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_b733d17ea1e7f604\atapi.sys
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16548_none_36311422ab29f479\atapi.sys
[2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.20652_none_36a9df45c455182a\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2013.03.12 16:00:10 | 000,025,600 | ---- | M] () MD5=3296A6B39A35330F1734A79B20B89FDE -- C:\Program Files\XAMPP\perl\vendor\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2013.06.01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013.06.01 12:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013.10.09 12:09:19 | 000,191,911 | ---- | M] () MD5=388F524C675EA9E21090AA17565F28E6 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013.10.09 12:09:32 | 000,190,101 | ---- | M] () MD5=3EC07FE7A58419107E943C79DA27D9A4 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013.10.07 21:20:13 | 000,220,321 | ---- | M] () MD5=8C66151BA74CDE0A7BA0FA462B40F0F0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013.10.09 12:09:26 | 000,191,929 | ---- | M] () MD5=950ECF811AB313435E491DAA522CB40B -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013.10.07 21:20:02 | 000,221,955 | ---- | M] () MD5=9D6E440215925FC878DC8433650E3632 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013.10.07 21:20:07 | 000,220,310 | ---- | M] () MD5=B5EC948CBF49AA251543A46706B9118C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013.06.01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013.06.01 11:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
[2013.10.07 21:20:18 | 000,217,360 | ---- | M] () MD5=F1C050040B93B90FEA25EE91344BA1AF -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013.10.09 12:09:13 | 000,193,351 | ---- | M] () MD5=F8EAD819A9F15FCDE3279CB61331FCB0 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_819876bbe5c3b25f\iaStorV.sys
[2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_07daf9dd118c3086\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll
[2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\SysNative\scecli.dll
[2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll
[2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll
[2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll
 
< MD5 for: USER32.DLL  >
[2013.10.08 21:28:41 | 000,001,406 | ---- | M] () MD5=065A5147BB4C2E2C717A367C3D4C4A82 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll
[2013.10.09 13:08:06 | 000,000,190 | ---- | M] () MD5=212D1672F2D35824D7BC2EF5B0877FC4 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_3056bdf82b817724\user32.dll
[2013.10.09 13:08:08 | 000,000,178 | ---- | M] () MD5=9D511F2BB76DDCD260BDAC6A70091BD3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll
[2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\SysNative\user32.dll
[2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll
[2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\SysWOW64\user32.dll
[2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll
[2013.10.08 21:28:42 | 000,001,384 | ---- | M] () MD5=F57B5007FE353F0EBB17BC0CD0FA1A35 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_26c9910110105e6f\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2013.10.09 11:54:39 | 000,053,889 | ---- | M] () MD5=4887091F1F0994D1C0CF79AF5C7435AA -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013.10.09 11:54:40 | 000,053,884 | ---- | M] () MD5=4D93D525452AEF21EA4197F08F18749B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2013.10.09 11:54:41 | 000,001,620 | ---- | M] () MD5=A0B9F5CD3C096769860438272D3C2387 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013.10.09 11:54:40 | 000,053,876 | ---- | M] () MD5=C501F59F4F60237FC7DCE8D2DF882ADC -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2013.10.09 11:20:07 | 000,000,164 | ---- | M] () MD5=4B0F0ADB1EAF1BC7CC984F82BB0A4CE6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.20521_none_a917c5946a81857e\ws2ifsl.sys
[2012.09.20 07:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2012.09.20 07:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16420_none_a88d287f5164cc5d\ws2ifsl.sys
[2013.10.09 11:20:06 | 000,001,242 | ---- | M] () MD5=F4CEE9072FB6A65C93F387AB7E7D4E5E -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16384_none_a85048395191dc38\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.10.11 06:06:08 | 000,550,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2013.08.15 19:04:09 | 000,000,054 | ---- | M] () -- C:\Users\Prinzessin\.gitconfig
[2014.01.15 00:02:41 | 001,835,008 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT
[2013.08.15 14:15:58 | 000,184,320 | -HS- | M] () -- C:\Users\Prinzessin\ntuser.dat.LOG1
[2013.08.15 14:15:58 | 000,000,000 | -HS- | M] () -- C:\Users\Prinzessin\ntuser.dat.LOG2
[2013.11.21 12:07:52 | 000,065,536 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT{42d1338c-d6ff-11e1-9797-a4badb27af46}.TM.blf
[2013.11.21 12:07:52 | 000,524,288 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT{42d1338c-d6ff-11e1-9797-a4badb27af46}.TMContainer00000000000000000001.regtrans-ms
[2013.08.15 14:38:10 | 000,524,288 | -HS- | M] () -- C:\Users\Prinzessin\NTUSER.DAT{42d1338c-d6ff-11e1-9797-a4badb27af46}.TMContainer00000000000000000002.regtrans-ms
[2013.08.15 14:15:58 | 000,000,020 | -HS- | M] () -- C:\Users\Prinzessin\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         

Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 15.01.2014 10:12:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Prinzessin\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,59% Memory free
4,65 Gb Paging File | 3,27 Gb Available in Paging File | 70,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,17 Gb Total Space | 800,94 Gb Free Space | 86,01% Space Free | Partition Type: NTFS
 
Computer Name: LILLI | User Name: Prinzessin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042C0BA9-9709-402F-8D83-27B821296A68}" = rport=137 | protocol=17 | dir=out | app=system | 
"{15ECAC88-7A7E-4323-B854-2BBDEFED4248}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{29C4D931-8BF2-47E9-A32D-A1B82E7AD893}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34E225EA-BD80-4C13-8F76-31C73B909620}" = lport=137 | protocol=17 | dir=in | app=system | 
"{46634876-FBB7-4F6B-8D40-074DE5ABEA0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CA1F5DD-BE8B-4996-ABA3-7BAC07A1DC7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55B8F883-5D69-4B55-9518-603C08A52587}" = rport=139 | protocol=6 | dir=out | app=system | 
"{573EAA82-1F2E-4DB0-8903-349CAF2B851A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5B91B34D-73F1-463F-B78D-B242CAAE0636}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C3F1A3E4-A0BE-47CC-9F9B-18FCB6549D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F3B86C5F-1F91-419D-A178-C87E17633C8C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F581B47C-ACFD-4A9F-9209-026A109CE72F}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BFAD8E-0130-41D0-9AF6-5A2764DBB266}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{168EB790-3D3F-4DA9-8990-9134AE65DADC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1A4679AE-FAD1-4692-A371-2F67C3AFC91C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{24A492B4-5145-4F37-B353-4FDF851AFE58}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{39F29D94-6826-4123-BB90-9659D63B0D40}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{3FD84C55-6FB6-45CD-91EA-83BE8BED87C1}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\fcmgr.exe | 
"{40772D2E-DA20-4E43-BEF0-036E3B2A5A2B}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{424812B1-3AD4-43C4-AC3E-76C0740A88CA}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{42FA766D-939D-4687-B172-570E645C2DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{466E7154-AAD3-4051-BDA9-6A4C1B6153FC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{47ACE3F5-4FEF-43CB-8E5B-E8B1B5E6923A}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{47BD74C1-6C5B-4B00-B197-85C6AAA67D45}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{79AEDABB-0BF7-44D0-9E17-58351F6D212D}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{79B2ED5A-C51E-46D6-8246-EDBE24904794}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\fortiproxy.exe | 
"{7DC86072-3BAF-41E2-BF09-160F0DD8A6EF}" = protocol=17 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7E0830CE-CB2A-4970-8C3F-5C4BBB33EF6B}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{832FD417-2B48-4244-8D6B-3EC0E4F78ACD}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{8892383D-1AC0-4224-AC7C-1D1D94F3CB85}" = protocol=6 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8C6B77F5-0541-431C-BB97-1521C52F4EC8}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{9D2C5142-E25B-4EC5-98D0-2EB1E24A689B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9DAE4517-D836-402E-A994-4C18165ABF12}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{A31C76C8-8CDC-4B6F-92BB-5593DF35ACE2}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{A47F1BD6-002F-4251-A2C0-261082A92B04}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A520D9FC-A267-41BE-A49D-9ED66E0CD9B2}" = dir=out | name=@{microsoft.bingsports_2.0.0.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{ACF9C4F8-3C3E-4B00-B8C2-EC8EE1607D3C}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{B2078B05-0471-4023-849E-5A28BA8EE88A}" = dir=out | name=@{47482gr8escape.breinbrekers_1.70.13264.1_neutral__tdkxbdjykrnnj?ms-resource://47482gr8escape.breinbrekers/resources/appname/text} | 
"{B6CD26FE-F978-45F8-8C8C-DAE3ED070A6F}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{B6F600A7-D254-4042-BDCB-DB17BD540AB8}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\ipsec.exe | 
"{C3A04135-75A5-4D10-BBC5-A9B59E48E4FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C67ABD2B-4F47-485B-8B0F-59B6720A5892}" = dir=in | app=c:\program files (x86)\fortinet\forticlient\fortiwad.exe | 
"{CAE80B25-9404-4E6B-BE46-7E1BA2EE87EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D34E4FB6-0BB1-47A1-AB14-6009AC478389}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{D5955BB7-78A0-4B67-BCD1-5AFBC7AFF86A}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{D7CE864E-62A4-4EBD-B53A-85D576AA153F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F8C6AA7D-FBD6-4D6D-B6AD-27B773BEE6E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FF83CE2E-9173-4642-9924-4C465F269269}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{37C441E1-59A0-44E2-8BB8-C2EF7B468450}C:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8D95FAF3-B775-4342-B6BD-7221DD53657B}C:\program files\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{93C27297-718F-472B-ADC6-9E9A28BF5747}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=6 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe | 
"TCP Query User{DC0B9CAF-0B8D-4DA6-B0BE-697DAC0FA4BE}C:\program files\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\xampp\apache\bin\httpd.exe | 
"UDP Query User{43CD6CB6-A5A7-495D-BACB-B2A53172D8AF}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=17 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe | 
"UDP Query User{551F53D1-9F56-4348-A6A3-9D147FF3F070}C:\program files\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{AD10EA24-30AF-4B95-BB87-7A8A911672B1}C:\program files\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\xampp\apache\bin\httpd.exe | 
"UDP Query User{D193A6CD-AB70-4580-B02B-C6547ED1F48E}C:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\prinzessin\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour-Druckdienste
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B897488-D57A-4BC6-90A1-018F1825E2E5}" = FortiClient
"{52C23381-8FED-4DB0-A07F-CCE9C9061475}" = TextPad 7
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"Sublime Text 2_is1" = Sublime Text 2.0.2
"VLC media player" = VLC media player 2.1.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.7.0
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"FileZilla Client" = FileZilla Client 3.7.3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"JabRef 2.9.2" = JabRef 2.9.2
"MiKTeX 2.9" = MiKTeX 2.9
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nightly 29.0a1 (x86 en-US)" = Nightly 29.0a1 (x86 en-US)
"TeXnicCenter_is1" = TeXnicCenter Version 2.02 Stable
"xampp" = XAMPP
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1" = RailsInstaller 2.2.2
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2014 17:29:20 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.01.2014 17:29:20 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1513
 
Error - 11.01.2014 17:29:20 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1513
 
Error - 11.01.2014 17:29:21 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.01.2014 17:29:21 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2979
 
Error - 11.01.2014 17:29:21 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2979
 
Error - 13.01.2014 10:31:28 | Computer Name = Lilli | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 14.01.2014 13:56:01 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.01.2014 13:56:01 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1497
 
Error - 14.01.2014 13:56:01 | Computer Name = Lilli | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1497
 
[ System Events ]
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2014 13:01:33 | Computer Name = Lilli | Source = DCOM | ID = 10010
Description = 
 
Error - 14.01.2014 12:11:42 | Computer Name = Lilli | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 14.01.2014 13:03:36 | Computer Name = Lilli | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 14.01.2014 13:56:02 | Computer Name = Lilli | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
 
< End of report >
         

15.01.2014, 10:57   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

15.01.2014, 11:47   #3
stigma
 
Hello,
thanks for the quick help. Here are the two logs.

FRST-txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Prinzessin (administrator) on LILLI on 15-01-2014 11:44:39
Running from C:\Users\Prinzessin\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Dropbox, Inc.) C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3CA919EFC03CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default
FF Homepage: hxxp://www.startfenster.de
FF NetworkProxy: "http", "proxy.fh-brandenburg.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-08-24]
CHR Extension: (YouTube) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-08-24]
CHR Extension: (Google Search) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-08-24]
CHR Extension: (iCloud Bookmarks) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0 [2013-12-14]
CHR Extension: (Hola Better Internet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.290_0 [2014-01-01]
CHR Extension: (Google Wallet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-26]
CHR Extension: (Gmail) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-08-24]

==================== Services (Whitelisted) =================

U2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
U2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [73746 2012-08-14] (Fortinet Inc.)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
U3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15656 2012-08-14] (Fortinet Inc)
U1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [23928 2011-09-09] (Fortinet Inc)
U3 Fortips; C:\Windows\System32\drivers\fortips.sys [126760 2012-08-14] (Fortinet Inc)
U3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [46888 2012-08-14] (Fortinet Inc)
U3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 11:44 - 2014-01-15 11:44 - 00011023 _____ C:\Users\Prinzessin\Desktop\FRST.txt
2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST
2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe
2014-01-15 10:31 - 2014-01-15 10:39 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt
2014-01-15 10:31 - 2014-01-15 10:32 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt
2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe
2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc
2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\Desktop\Startfenster.lnk
2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
2014-01-11 21:01 - 2014-01-11 21:02 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe
2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad
2014-01-04 15:24 - 2014-01-04 15:32 - 00004928 _____ C:\Windows\DPINST.LOG
2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell
2014-01-04 15:24 - 2012-09-19 06:46 - 00447864 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-01-04 15:24 - 2012-05-17 14:08 - 00113048 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-01-04 15:24 - 2009-07-14 09:51 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-01-04 15:18 - 2014-01-04 15:24 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE
2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe
2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly
2014-01-01 18:43 - 2014-01-01 18:53 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious
2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html
2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess
2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads
2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd
2013-12-28 19:51 - 2014-01-01 18:45 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP
2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml
2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8
2013-12-28 19:12 - 2013-12-28 19:13 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip
2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php
2013-12-28 18:07 - 2013-12-27 21:06 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup
2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql
2013-12-28 16:50 - 2013-12-28 17:42 - 00000000 ____D C:\Program Files\XAMPP
2013-12-28 16:47 - 2013-12-28 16:48 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe
2013-12-28 16:38 - 2013-12-28 16:43 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7
2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710
2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip
2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip
2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html
2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht
2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip
2013-12-27 21:06 - 2013-12-27 21:10 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12
2013-12-27 20:56 - 2013-12-28 18:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php
2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-01-15 11:44 - 2014-01-15 11:44 - 00011023 _____ C:\Users\Prinzessin\Desktop\FRST.txt
2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST
2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe
2014-01-15 11:18 - 2013-08-15 14:15 - 02028891 _____ C:\Windows\WindowsUpdate.log
2014-01-15 11:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-15 10:53 - 2013-08-24 16:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 10:39 - 2014-01-15 10:31 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt
2014-01-15 10:32 - 2014-01-15 10:31 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt
2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe
2014-01-15 10:08 - 2013-08-15 14:22 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3751189097-2915931777-4004511958-1001
2014-01-15 10:04 - 2013-08-22 17:46 - 00000000 ___RD C:\Users\Prinzessin\Documents\Dropbox
2014-01-15 10:04 - 2013-08-22 17:42 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Dropbox
2014-01-15 10:03 - 2013-08-24 16:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 10:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-13 17:49 - 2012-07-26 11:27 - 00715482 _____ C:\Windows\system32\perfh007.dat
2014-01-13 17:49 - 2012-07-26 11:27 - 00148046 _____ C:\Windows\system32\perfc007.dat
2014-01-13 17:49 - 2012-07-26 08:28 - 01654648 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc
2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\Desktop\Startfenster.lnk
2014-01-11 21:18 - 2014-01-11 21:18 - 00001196 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
2014-01-11 21:15 - 2013-09-24 18:47 - 00000000 ____D C:\Users\Prinzessin\AppData\Local\Microsoft Help
2014-01-11 21:02 - 2014-01-11 21:01 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe
2014-01-09 12:16 - 2012-07-26 08:21 - 00017735 _____ C:\Windows\setupact.log
2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic
2014-01-04 18:41 - 2013-08-24 10:56 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2014-01-04 18:41 - 2013-08-15 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-04 15:47 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 15:46 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2014-01-04 15:32 - 2014-01-04 15:24 - 00004928 _____ C:\Windows\DPINST.LOG
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad
2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell
2014-01-04 15:24 - 2014-01-04 15:18 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE
2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe
2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly
2014-01-01 21:00 - 2013-12-01 21:33 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\FileZilla
2014-01-01 18:53 - 2014-01-01 18:43 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious
2014-01-01 18:45 - 2013-12-28 19:51 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP
2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html
2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess
2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads
2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd
2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml
2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8
2013-12-28 19:13 - 2013-12-28 19:12 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip
2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php
2013-12-28 18:56 - 2013-12-27 20:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php
2013-12-28 17:42 - 2013-12-28 16:50 - 00000000 ____D C:\Program Files\XAMPP
2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql
2013-12-28 16:48 - 2013-12-28 16:47 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe
2013-12-28 16:43 - 2013-12-28 16:38 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7
2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710
2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip
2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip
2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html
2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht
2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip
2013-12-27 21:10 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12
2013-12-27 21:06 - 2013-12-28 18:07 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup
2013-12-23 12:38 - 2013-09-24 18:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod
2013-12-18 22:01 - 2013-08-15 14:16 - 00000000 ___RD C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-18 22:00 - 2013-08-22 17:46 - 00000994 _____ C:\Users\Prinzessin\Desktop\Dropbox.lnk
2013-12-18 22:00 - 2013-08-22 17:44 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Prinzessin\AppData\Local\Temp\ose00000.exe
C:\Users\Prinzessin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Prinzessin\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-13 18:01

==================== End Of Log ============================
         
--- --- ---



Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014
Ran by Prinzessin at 2014-01-15 11:45:31
Running from C:\Users\Prinzessin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (Version: 2.0.2.0 - Apple Inc.)
Dell Touchpad (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
FortiClient (Version: 4.3.5.0472 - Fortinet Inc)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
JabRef 2.9.2 (x32 Version: 2.9.2 - JabRef Team)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MiKTeX 2.9 (x32 Version: 2.9 - MiKTeX.org)
Mozilla Maintenance Service (x32 Version: 29.0a1 - Mozilla)
Nightly 29.0a1 (x86 en-US) (x32 Version: 29.0a1 - Mozilla)
PDF24 Creator 5.7.0 (x32 Version:  - PDF24.org)
RailsInstaller 2.2.2 (HKCU Version: 2.2.2 - RailsInstaller Team)
RICOH Media Driver ver.2.07.01.04 (x32 Version: 2.07.01.04 - RICOH)
Sublime Text 2.0.2 (Version:  - )
TeXnicCenter Version 2.02 Stable (x32 Version: 2.02 Stable - The TeXnicCenter Team)
TextPad 7 (Version: 7.1.0 - Helios)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
XAMPP (x32 Version: 1.8.3-2 - BitNami)

==================== Restore Points  =========================

28-12-2013 15:37:39 Installed TextPad 7.
06-01-2014 20:34:35 Geplanter Prüfpunkt
14-01-2014 19:39:41 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {56B273B0-6F12-48C3-9F32-AE2F82709198} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.)
Task: {7F03450C-90B3-4689-97A2-25047A3BCB5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.)
Task: {82EC5401-92A6-4D8A-860A-215AA77AB561} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {9D912DB4-DC92-4C77-9299-4075563CAB6D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-16 15:14 - 2013-08-16 15:14 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-14 16:05 - 2012-08-14 16:05 - 00323584 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\libcef.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-12-05 21:55 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 21:55 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 21:55 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 21:55 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 21:55 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Broadcom NetLink (TM)-Gigabit-Ethernet
Description: Broadcom NetLink (TM)-Gigabit-Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 4060.86 MB
Available physical RAM: 1986.84 MB
Total Pagefile: 4764.86 MB
Available Pagefile: 2514.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:800.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F4501180)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

16.01.2014, 08:34   #4
schrauber
/// the machine
/// TB trainer
 




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.01.2014, 13:52   #5
stigma



Sorry that I'm only getting back to you now. Unfortunately I couldn't get online with the PC for the last two days. So here are the logs:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.18.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Prinzessin :: LILLI [Administrator]

18.01.2014 13:12:52
mbam-log-2014-01-18 (13-12-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205828
Laufzeit: 6 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Prinzessin\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner
Code:
# AdwCleaner v3.017 - Bericht erstellt am 18/01/2014 um 13:27:13
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzername : Prinzessin - LILLI
# Gestartet von : C:\Users\Prinzessin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Prinzessin\Desktop\Startfenster.lnk

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.startfenster.de");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1369 octets] - [18/01/2014 13:25:19]
AdwCleaner[S0].txt - [1270 octets] - [18/01/2014 13:27:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1330 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 Pro x64
Ran by Prinzessin on 18.01.2014 at 13:33:11,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Prinzessin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.01.2014 at 13:42:06,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and the new FRST log

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Prinzessin (administrator) on LILLI on 18-01-2014 13:47:12
Running from C:\Users\Prinzessin\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3CA919EFC03CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default
FF NetworkProxy: "http", "proxy.fh-brandenburg.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-08-24]
CHR Extension: (YouTube) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-08-24]
CHR Extension: (Google Search) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-08-24]
CHR Extension: (iCloud Bookmarks) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0 [2013-12-14]
CHR Extension: (Hola Better Internet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.395_0 [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-26]
CHR Extension: (Gmail) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-08-24]

==================== Services (Whitelisted) =================

U2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
U2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [73746 2012-08-14] (Fortinet Inc.)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
U3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15656 2012-08-14] (Fortinet Inc)
U1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [23928 2011-09-09] (Fortinet Inc)
U3 Fortips; C:\Windows\System32\drivers\fortips.sys [126760 2012-08-14] (Fortinet Inc)
U3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [46888 2012-08-14] (Fortinet Inc)
U3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 13:42 - 2014-01-18 13:46 - 00000769 _____ C:\Users\Prinzessin\Desktop\JRT.txt
2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT
2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe
2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt
2014-01-18 13:25 - 2014-01-18 13:27 - 00000000 ____D C:\AdwCleaner
2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 13:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe
2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt
2014-01-15 11:44 - 2014-01-18 13:47 - 00009180 _____ C:\Users\Prinzessin\Desktop\FRST.txt
2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST
2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe
2014-01-15 11:08 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 11:08 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 11:08 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 11:08 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 11:08 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 11:08 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 11:08 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 11:08 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 11:08 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 11:08 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 11:08 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 11:08 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 11:08 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 11:08 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 11:08 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 10:31 - 2014-01-15 10:39 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt
2014-01-15 10:31 - 2014-01-15 10:32 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt
2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe
2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc
2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 21:01 - 2014-01-11 21:02 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe
2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad
2014-01-04 15:24 - 2014-01-04 15:32 - 00004928 _____ C:\Windows\DPINST.LOG
2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell
2014-01-04 15:24 - 2012-09-19 06:46 - 00447864 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-01-04 15:24 - 2012-05-17 14:08 - 00113048 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-01-04 15:24 - 2009-07-14 09:51 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-01-04 15:18 - 2014-01-04 15:24 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE
2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe
2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly
2014-01-01 18:43 - 2014-01-01 18:53 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious
2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html
2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess
2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads
2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd
2013-12-28 19:51 - 2014-01-01 18:45 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP
2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml
2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8
2013-12-28 19:12 - 2013-12-28 19:13 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip
2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php
2013-12-28 18:07 - 2013-12-27 21:06 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup
2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql
2013-12-28 16:50 - 2013-12-28 17:42 - 00000000 ____D C:\Program Files\XAMPP
2013-12-28 16:47 - 2013-12-28 16:48 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe
2013-12-28 16:38 - 2013-12-28 16:43 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7
2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710
2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip
2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip
2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html
2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht
2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip
2013-12-27 21:06 - 2013-12-27 21:10 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12
2013-12-27 20:56 - 2013-12-28 18:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php
2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-01-18 13:47 - 2014-01-15 11:44 - 00009180 _____ C:\Users\Prinzessin\Desktop\FRST.txt
2014-01-18 13:46 - 2014-01-18 13:42 - 00000769 _____ C:\Users\Prinzessin\Desktop\JRT.txt
2014-01-18 13:46 - 2013-08-15 14:22 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3751189097-2915931777-4004511958-1001
2014-01-18 13:36 - 2013-08-22 17:42 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Dropbox
2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT
2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe
2014-01-18 13:31 - 2013-08-22 17:46 - 00000000 ___RD C:\Users\Prinzessin\Documents\Dropbox
2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt
2014-01-18 13:29 - 2013-08-24 16:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 13:29 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 13:28 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2014-01-18 13:27 - 2014-01-18 13:25 - 00000000 ____D C:\AdwCleaner
2014-01-18 13:22 - 2013-08-15 14:15 - 01262771 _____ C:\Windows\WindowsUpdate.log
2014-01-18 13:22 - 2013-08-15 14:04 - 00004044 _____ C:\Windows\PFRO.log
2014-01-18 13:11 - 2013-08-22 17:46 - 00000994 _____ C:\Users\Prinzessin\Desktop\Dropbox.lnk
2014-01-18 13:11 - 2013-08-22 17:44 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-18 13:11 - 2013-08-15 14:16 - 00000000 ___RD C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe
2014-01-18 13:04 - 2013-08-15 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-17 17:01 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-17 15:54 - 2013-08-24 16:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 12:21 - 2013-09-24 18:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 12:18 - 2013-08-15 18:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 12:18 - 2013-08-15 18:20 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 12:18 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt
2014-01-15 11:44 - 2014-01-15 11:44 - 00000000 ____D C:\FRST
2014-01-15 11:43 - 2014-01-15 11:43 - 02076160 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe
2014-01-15 10:39 - 2014-01-15 10:31 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt
2014-01-15 10:32 - 2014-01-15 10:31 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt
2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe
2014-01-15 10:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-13 17:49 - 2012-07-26 11:27 - 00715482 _____ C:\Windows\system32\perfh007.dat
2014-01-13 17:49 - 2012-07-26 11:27 - 00148046 _____ C:\Windows\system32\perfc007.dat
2014-01-13 17:49 - 2012-07-26 08:28 - 01654648 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 21:21 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc
2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 21:15 - 2013-09-24 18:47 - 00000000 ____D C:\Users\Prinzessin\AppData\Local\Microsoft Help
2014-01-11 21:02 - 2014-01-11 21:01 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe
2014-01-09 12:16 - 2012-07-26 08:21 - 00017735 _____ C:\Windows\setupact.log
2014-01-09 09:02 - 2013-11-20 11:36 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-20 11:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic
2014-01-04 18:41 - 2013-08-24 10:56 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2014-01-04 15:32 - 2014-01-04 15:24 - 00004928 _____ C:\Windows\DPINST.LOG
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad
2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell
2014-01-04 15:24 - 2014-01-04 15:18 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE
2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe
2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly
2014-01-01 21:00 - 2013-12-01 21:33 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\FileZilla
2014-01-01 18:53 - 2014-01-01 18:43 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious
2014-01-01 18:45 - 2013-12-28 19:51 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP
2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html
2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess
2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads
2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd
2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml
2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8
2013-12-28 19:13 - 2013-12-28 19:12 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip
2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php
2013-12-28 18:56 - 2013-12-27 20:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php
2013-12-28 17:42 - 2013-12-28 16:50 - 00000000 ____D C:\Program Files\XAMPP
2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql
2013-12-28 16:48 - 2013-12-28 16:47 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe
2013-12-28 16:43 - 2013-12-28 16:38 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7
2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710
2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip
2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip
2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html
2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht
2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip
2013-12-27 21:10 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12
2013-12-27 21:06 - 2013-12-28 18:07 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup
2013-12-23 12:38 - 2013-09-24 18:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\Prinzessin\AppData\Local\Temp\ose00000.exe
C:\Users\Prinzessin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Prinzessin\AppData\Local\Temp\Quarantine.exe
C:\Users\Prinzessin\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-17 10:43

==================== End Of Log ============================
         


Many thanks


19.01.2014, 09:53   #6
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

19.01.2014, 23:27   #7
stigma

Phew, everything is finally scanned. Here are the logs. I don't really have any problems. The start-window things are all gone. I do have one more question, though. Must or should I uninstall the "wrong" VLC player, or can it stay?

Eset log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1a5f6564626fe14681c3925b99680853
# engine=16709
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-19 09:58:07
# local_time=2014-01-19 10:58:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776573 100 94 38406 17452162 0 0
# scanned=232511
# found=0
# cleaned=0
# scan_time=36013
         
Code:
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Prinzessin (administrator) on LILLI on 19-01-2014 23:21:15
Running from C:\Users\Prinzessin\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Google\Update\Install\{FC8C7E33-1531-4429-9F23-3BB717CE4201}\32.0.1700.76_31.0.1650.63_chrome_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Prinzessin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3CA919EFC03CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {20B1356B-8C0D-4BA9-907C-B5A739CC1D05} URL = hxxp://www.sm.de/?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Prinzessin\AppData\Roaming\Mozilla\Firefox\Profiles\jp8va1ae.default
FF NetworkProxy: "http", "proxy.fh-brandenburg.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-24]
CHR Extension: (Google Drive) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24]
CHR Extension: (YouTube) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24]
CHR Extension: (Google-Suche) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-24]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-09]
CHR Extension: (Hola Besseres Internet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-09-24]
CHR Extension: (Google Wallet) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Prinzessin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24]

==================== Services (Whitelisted) =================

U2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
U2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [73746 2012-08-14] (Fortinet Inc.)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
U3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15656 2012-08-14] (Fortinet Inc)
U1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [23928 2011-09-09] (Fortinet Inc)
U3 Fortips; C:\Windows\System32\drivers\fortips.sys [126760 2012-08-14] (Fortinet Inc)
U3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [46888 2012-08-14] (Fortinet Inc)
U3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 23:21 - 2014-01-19 23:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\FRST-OlderVersion
2014-01-19 23:20 - 2014-01-19 23:20 - 00000917 _____ C:\Users\Prinzessin\Desktop\checkup.txt
2014-01-19 23:18 - 2014-01-19 23:18 - 00987425 _____ C:\Users\Prinzessin\Desktop\SecurityCheck.exe
2014-01-19 12:55 - 2014-01-19 12:55 - 02347384 _____ (ESET) C:\Users\Prinzessin\Downloads\esetsmartinstaller_enu.exe
2014-01-18 13:42 - 2014-01-18 13:46 - 00000769 _____ C:\Users\Prinzessin\Desktop\JRT.txt
2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT
2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe
2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt
2014-01-18 13:25 - 2014-01-18 13:27 - 00000000 ____D C:\AdwCleaner
2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 13:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe
2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt
2014-01-15 11:44 - 2014-01-19 23:21 - 00010552 _____ C:\Users\Prinzessin\Desktop\FRST.txt
2014-01-15 11:44 - 2014-01-19 23:21 - 00000000 ____D C:\FRST
2014-01-15 11:43 - 2014-01-19 23:21 - 02076672 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe
2014-01-15 11:08 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 11:08 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 11:08 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 11:08 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 11:08 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 11:08 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 11:08 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 11:08 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 11:08 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 11:08 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 11:08 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 11:08 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 11:08 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 11:08 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 11:08 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 10:31 - 2014-01-15 10:39 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt
2014-01-15 10:31 - 2014-01-15 10:32 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt
2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe
2014-01-11 21:21 - 2014-01-19 16:02 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc
2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 21:01 - 2014-01-11 21:02 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe
2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad
2014-01-04 15:24 - 2014-01-04 15:32 - 00004928 _____ C:\Windows\DPINST.LOG
2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell
2014-01-04 15:24 - 2012-09-19 06:46 - 00447864 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-01-04 15:24 - 2012-05-17 14:08 - 00113048 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-01-04 15:24 - 2009-07-14 09:51 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-01-04 15:18 - 2014-01-04 15:24 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE
2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe
2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly
2014-01-01 18:43 - 2014-01-01 18:53 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious
2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html
2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess
2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads
2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd
2013-12-28 19:51 - 2014-01-01 18:45 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP
2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml
2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8
2013-12-28 19:12 - 2013-12-28 19:13 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip
2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php
2013-12-28 18:07 - 2013-12-27 21:06 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup
2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql
2013-12-28 16:50 - 2013-12-28 17:42 - 00000000 ____D C:\Program Files\XAMPP
2013-12-28 16:47 - 2013-12-28 16:48 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe
2013-12-28 16:38 - 2013-12-28 16:43 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7
2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710
2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip
2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip
2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html
2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht
2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip
2013-12-27 21:06 - 2013-12-27 21:10 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12
2013-12-27 20:56 - 2013-12-28 18:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php
2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 12:18 - 2013-12-23 12:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-01-19 23:21 - 2014-01-19 23:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\FRST-OlderVersion
2014-01-19 23:21 - 2014-01-15 11:44 - 00010552 _____ C:\Users\Prinzessin\Desktop\FRST.txt
2014-01-19 23:21 - 2014-01-15 11:44 - 00000000 ____D C:\FRST
2014-01-19 23:21 - 2014-01-15 11:43 - 02076672 _____ (Farbar) C:\Users\Prinzessin\Desktop\FRST64.exe
2014-01-19 23:20 - 2014-01-19 23:20 - 00000917 _____ C:\Users\Prinzessin\Desktop\checkup.txt
2014-01-19 23:18 - 2014-01-19 23:18 - 00987425 _____ C:\Users\Prinzessin\Desktop\SecurityCheck.exe
2014-01-19 23:13 - 2013-08-22 17:42 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Dropbox
2014-01-19 23:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-19 22:53 - 2013-08-24 16:38 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 21:53 - 2013-08-24 16:38 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 16:02 - 2014-01-11 21:21 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\vlc
2014-01-19 13:46 - 2013-08-15 14:15 - 01364415 _____ C:\Windows\WindowsUpdate.log
2014-01-19 12:55 - 2014-01-19 12:55 - 02347384 _____ (ESET) C:\Users\Prinzessin\Downloads\esetsmartinstaller_enu.exe
2014-01-18 20:50 - 2012-07-26 11:27 - 00715482 _____ C:\Windows\system32\perfh007.dat
2014-01-18 20:50 - 2012-07-26 11:27 - 00148046 _____ C:\Windows\system32\perfc007.dat
2014-01-18 20:50 - 2012-07-26 08:28 - 01654648 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-18 18:54 - 2013-08-24 16:39 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-18 17:53 - 2013-08-15 14:22 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3751189097-2915931777-4004511958-1001
2014-01-18 17:39 - 2013-08-22 17:46 - 00000000 ___RD C:\Users\Prinzessin\Documents\Dropbox
2014-01-18 13:46 - 2014-01-18 13:42 - 00000769 _____ C:\Users\Prinzessin\Desktop\JRT.txt
2014-01-18 13:33 - 2014-01-18 13:33 - 00000000 ____D C:\Windows\ERUNT
2014-01-18 13:31 - 2014-01-18 13:31 - 01037068 _____ (Thisisu) C:\Users\Prinzessin\Desktop\JRT.exe
2014-01-18 13:30 - 2014-01-18 13:30 - 00001410 _____ C:\Users\Prinzessin\Desktop\AdwCleaner[S0].txt
2014-01-18 13:29 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 13:28 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2014-01-18 13:27 - 2014-01-18 13:25 - 00000000 ____D C:\AdwCleaner
2014-01-18 13:22 - 2013-08-15 14:04 - 00004044 _____ C:\Windows\PFRO.log
2014-01-18 13:11 - 2013-08-22 17:46 - 00000994 _____ C:\Users\Prinzessin\Desktop\Dropbox.lnk
2014-01-18 13:11 - 2013-08-22 17:44 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-18 13:11 - 2013-08-15 14:16 - 00000000 ___RD C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 13:09 - 2014-01-18 13:09 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-18 13:09 - 2014-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 13:08 - 2014-01-18 13:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Prinzessin\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-18 13:08 - 2014-01-18 13:08 - 01236282 _____ C:\Users\Prinzessin\Desktop\adwcleaner.exe
2014-01-18 13:04 - 2013-08-15 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-15 12:21 - 2013-09-24 18:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 12:20 - 2013-08-15 18:20 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 12:18 - 2013-08-15 18:20 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 12:18 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-15 11:45 - 2014-01-15 11:45 - 00011156 _____ C:\Users\Prinzessin\Desktop\Addition.txt
2014-01-15 10:39 - 2014-01-15 10:31 - 00048596 _____ C:\Users\Prinzessin\Desktop\Extras.Txt
2014-01-15 10:32 - 2014-01-15 10:31 - 00133010 _____ C:\Users\Prinzessin\Desktop\OTL.Txt
2014-01-15 10:10 - 2014-01-15 10:10 - 00602112 _____ (OldTimer Tools) C:\Users\Prinzessin\Desktop\OTL.exe
2014-01-15 10:03 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-11 21:19 - 2014-01-11 21:19 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 21:19 - 2014-01-11 21:19 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 21:15 - 2013-09-24 18:47 - 00000000 ____D C:\Users\Prinzessin\AppData\Local\Microsoft Help
2014-01-11 21:02 - 2014-01-11 21:01 - 24738792 _____ C:\Users\Prinzessin\Downloads\vlc-2.1.2-win64.exe
2014-01-09 12:16 - 2012-07-26 08:21 - 00017735 _____ C:\Windows\setupact.log
2014-01-09 09:02 - 2013-11-20 11:36 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-20 11:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 20:39 - 2014-01-06 20:39 - 00518875 _____ C:\Users\Prinzessin\Downloads\HA_Statistic.zip
2014-01-06 20:39 - 2014-01-06 20:39 - 00000000 ____D C:\Users\Prinzessin\Downloads\HA_Statistic
2014-01-04 18:41 - 2013-08-24 10:56 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2014-01-04 15:32 - 2014-01-04 15:24 - 00004928 _____ C:\Windows\DPINST.LOG
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\Program Files\DellTPad
2014-01-04 15:24 - 2014-01-04 15:24 - 00000000 ____D C:\ProgramData\Dell
2014-01-04 15:24 - 2014-01-04 15:18 - 69095472 _____ (Dell Inc.) C:\Users\Prinzessin\Downloads\Input_Driver_FGG85_WN_8.1200.101.214_A02.EXE
2014-01-04 15:16 - 2014-01-04 15:16 - 10121992 _____ C:\Users\Prinzessin\Downloads\Tocuhpad treiber.exe
2014-01-01 21:47 - 2014-01-01 21:47 - 00000000 ____D C:\Program Files (x86)\Nightly
2014-01-01 21:00 - 2013-12-01 21:33 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\FileZilla
2014-01-01 18:53 - 2014-01-01 18:43 - 00000000 ____D C:\Users\Prinzessin\Documents\Kiwilicious
2014-01-01 18:45 - 2013-12-28 19:51 - 00000000 ____D C:\Users\Prinzessin\Documents\XAMPP
2014-01-01 18:42 - 2014-01-01 18:42 - 00000676 _____ C:\Users\Prinzessin\Documents\cookie.html
2014-01-01 18:42 - 2014-01-01 18:42 - 00000512 _____ C:\Users\Prinzessin\Documents\.htaccess
2013-12-29 20:21 - 2013-12-29 20:21 - 00000000 ____D C:\Users\Prinzessin\Desktop\uploads
2013-12-29 14:34 - 2013-12-29 14:34 - 00322096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o.psd
2013-12-28 23:53 - 2013-12-28 23:53 - 21850807 _____ C:\Users\Prinzessin\Downloads\4725693899_2dbf489d5e_o (1).psd
2013-12-28 19:30 - 2013-12-28 19:30 - 00055224 _____ C:\Users\Prinzessin\Downloads\backerinchen.wordpress.2013-12-28.xml
2013-12-28 19:24 - 2013-12-28 19:24 - 00162710 _____ C:\Users\Prinzessin\Downloads\kiwilicious.wordpress.2013-12-28.xml
2013-12-28 19:15 - 2013-12-28 19:15 - 00000000 ____D C:\Users\Prinzessin\Downloads\wordpress-3.8
2013-12-28 19:13 - 2013-12-28 19:12 - 06367550 _____ C:\Users\Prinzessin\Downloads\wordpress-3.8.zip
2013-12-28 18:59 - 2013-12-28 18:59 - 00003217 _____ C:\Users\Prinzessin\Downloads\wp-config.php
2013-12-28 18:56 - 2013-12-27 20:56 - 00003495 _____ C:\Users\Prinzessin\Desktop\wp-config1.php
2013-12-28 17:42 - 2013-12-28 16:50 - 00000000 ____D C:\Program Files\XAMPP
2013-12-28 17:41 - 2013-12-28 17:41 - 03026171 _____ C:\Users\Prinzessin\Downloads\localhost.sql
2013-12-28 16:48 - 2013-12-28 16:47 - 123794144 _____ (BitNami) C:\Users\Prinzessin\Downloads\xampp-win32-1.8.3-2-VC11-installer.exe
2013-12-28 16:43 - 2013-12-28 16:38 - 00000961 _____ C:\Users\Prinzessin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Users\Prinzessin\AppData\Roaming\Helios
2013-12-28 16:38 - 2013-12-28 16:38 - 00000000 ____D C:\Program Files\TextPad 7
2013-12-28 16:37 - 2013-12-28 16:37 - 00000000 ____D C:\Users\Prinzessin\Downloads\txpdeu710
2013-12-28 16:22 - 2013-12-28 16:22 - 02842038 _____ C:\Users\Prinzessin\Downloads\bueno.zip
2013-12-28 16:21 - 2013-12-28 16:21 - 05173196 _____ C:\Users\Prinzessin\Downloads\irresistible.zip
2013-12-27 23:45 - 2013-12-27 23:45 - 00000071 _____ C:\Users\Prinzessin\Desktop\index.html
2013-12-27 22:36 - 2013-12-27 22:36 - 01621358 _____ C:\Users\Prinzessin\Downloads\customizr.3.1.5.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 01651587 _____ C:\Users\Prinzessin\Downloads\hueman.1.2.7.zip
2013-12-27 21:54 - 2013-12-27 21:54 - 00000000 ____D C:\Users\Prinzessin\Downloads\hueman.1.2.7
2013-12-27 21:46 - 2013-12-27 21:46 - 00000000 ____D C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht
2013-12-27 21:45 - 2013-12-27 21:45 - 00029708 _____ C:\Users\Prinzessin\Downloads\schatzhatskaputtgemacht.zip
2013-12-27 21:10 - 2013-12-27 21:06 - 00000000 ____D C:\Users\Prinzessin\Desktop\Kiwilicious Backup 27.12
2013-12-27 21:06 - 2013-12-28 18:07 - 00000512 _____ C:\Users\Prinzessin\Desktop\.htaccess.backup
2013-12-23 12:38 - 2013-09-24 18:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-23 12:19 - 2013-12-23 12:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 12:19 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-23 12:18 - 2013-12-23 12:18 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\Prinzessin\AppData\Local\Temp\ose00000.exe
C:\Users\Prinzessin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Prinzessin\AppData\Local\Temp\Quarantine.exe
C:\Users\Prinzessin\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-17 10:43

==================== End Of Log ============================
         
--- --- ---

20.01.2014, 22:10   #8
schrauber
/// the machine
/// TB trainer

That one can stay.

Done

If you would like to leave praise or criticism, you can do so here.


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the checkbox in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

26.01.2014, 21:57   #9
stigma

All done. Many, many thanks again for the great and fast help

27.01.2014, 16:11   #10
schrauber
/// the machine
/// TB trainer

You're welcome
