Log analysis and evaluation: Win8 - e-mail attachment opened [Fax von 04018138550], various detections
28.10.2013, 19:08 | #1

Win8 - e-mail attachment opened [Fax von 04018138550], various detections

Hello dear community!

I have just, stupidly, opened an e-mail attachment. My operating system is Windows 8, Antivir is the antivirus program, and I have not rebooted since opening it.

Subject line of the mail: Fax von 04018138550

Attached to the mail was a zip file which, after unpacking, turned out to be an exe with the following name: "28 10 13_Telefax.04018138005"

As I said, I ran this file by double-clicking it. Annoys me too.

I have now had this file scanned at www.virustotal.com and a lot was found there.

File detail:
PE signature block
Publisher: mpolikjutd
Product: mposednhytf
File version: 1.00.0009

Detections:
Trojan/Win32.CryptoVB
a variant of Win32/Injector.APQG
Trojan-Spy.Injector
Trojan-PSW.Win32.Fareit.amdr
Heuristic.BehavesLike.Win32.Downloader.D
Troj/Mdrop-FMK
Posible_Worm32
TROJ_GEN.F0D1H00JS13

Hope someone here can help me.

edit: so far I have not noticed any changes
29.10.2013, 00:15 | #2
/// TB-Ausbilder

Hello,

to start, please run an FRST scan: please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties)
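An added example, not part of any post in this thread and not FRST's own code: a small Python triage pass over lines of the kind FRST produces, so a reader can see what a helper looks for once the log arrives. The sample lines are constructed, modeled on the FRST.txt posted in the next reply; the flagging rules (FRST's own "<===== ATTENTION" marker, a Load/Run value under CurrentVersion\Windows, a binary running from a user profile, a missing company name in the version info, a non-ASCII file name under the Windows directory) are this example's heuristics and yield review candidates, not verdicts.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) output lines.

Added example; it is not code from this thread, from FRST or from its author.
The sample lines are constructed, modeled on the FRST.txt posted in this
thread, and every flagging rule below is this example's own heuristic.
"""
import re

ATTENTION_MARK = "<====="   # FRST appends "<===== ATTENTION" to entries it wants looked at

# "YYYY-MM-DD HH:MM - YYYY-MM-DD HH:MM - size attrs [(Publisher) ]path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)
SIZE_DATE_RE = re.compile(r"\s*\[[^\]]*\]$")    # trailing "[size date]" or "[ ]"
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_autostart(line):
    """Split an FRST registry autostart line into its fields; None if not one.

    Handles "HKLM\\...\\Run: [Name] - path [size date] (Publisher)" as well
    as the bare "HKCU\\...\\Windows: [Load] path <===== ATTENTION" form.
    """
    if not line.startswith("HK") or ": [" not in line:
        return None
    flagged = ATTENTION_MARK in line
    body = line.split(ATTENTION_MARK, 1)[0].strip()
    key, rest = body.split(": [", 1)
    name, rest = rest.split("]", 1)
    rest = rest.strip()
    if rest.startswith("-"):
        rest = rest[1:].strip()
    publisher = None
    # The trailing "(Publisher)" is the company name FRST read from the file's
    # version info; "()" means it found none. Paths may themselves contain
    # "(x86)", so only the last " (" is treated as the publisher.
    if rest.endswith(")") and " (" in rest:
        rest, publisher = rest[:-1].rsplit(" (", 1)
    path = SIZE_DATE_RE.sub("", rest).strip().strip('"')
    if not DRIVE_PATH_RE.match(path):
        return None     # policy values such as "[DisableLockWorkstation] 0"
    return {"key": key, "name": name, "path": path,
            "publisher": publisher, "flagged": flagged}


def review_autostart(entry):
    """Reasons an autostart entry deserves a closer look (empty list = none)."""
    reasons = []
    if entry["flagged"]:
        reasons.append("marked by FRST")
    if (entry["key"].lower().endswith("currentversion\\windows")
            and entry["name"].lower() in ("load", "run")):
        reasons.append("Load/Run value under CurrentVersion\\Windows (legacy autostart)")
    if USER_PROFILE_RE.match(entry["path"]):
        reasons.append("runs from a user profile")
    if not entry["publisher"]:
        reasons.append("no company name in version info")
    return reasons


def review_file(line):
    """Parse a created/modified file line; None if the line is not one."""
    m = FILE_RE.match(line)
    if m is None:
        return None
    path, publisher = m.group("path"), m.group("publisher")
    basename = path.rsplit("\\", 1)[-1]
    reasons = []
    if "\\windows\\" in path.lower() and publisher is None and not basename.isascii():
        reasons.append("non-ASCII file name under the Windows directory, no version info")
    return {"path": path, "size": int(m.group("size")), "reasons": reasons}


def triage(lines):
    """Return [(path, reasons)] for every line that raised at least one reason."""
    hits = []
    for raw in lines:
        line = raw.strip()
        entry = parse_autostart(line)
        if entry is not None:
            reasons = review_autostart(entry)
            if reasons:
                hits.append((entry["path"], reasons))
            continue
        rec = review_file(line)
        if rec is not None and rec["reasons"]:
            hits.append((rec["path"], rec["reasons"]))
    return hits


# Constructed sample, modeled on the FRST.txt posted in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)",
    r"HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()",
    r"HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Mario\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()",
    r"HKCU\...\Policies\system: [DisableLockWorkstation] 0",
    r"HKCU\...\CurrentVersion\Windows: [Load] c:\users\mario\dxbafev.exe <===== ATTENTION",
    r'HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"',
    r"2013-10-29 14:52 - 2013-10-29 14:52 - 01956538 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe",
    r"2013-10-28 18:00 - 2013-10-28 18:00 - 103746026 _____ C:\windows\SysWOW64\᯾睪聨µ߿",
    r"2013-10-29 14:55 - 2013-10-29 14:55 - 00000000 ____D C:\FRST",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The Load value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows is the one entry FRST itself marks; the other rules only rank the rest of the autostart list for a human review, so legitimate per-user software such as the Amazon downloader also shows up and has to be dismissed by hand.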
29.10.2013, 15:03 | #3

Hello, thanks for taking on my problem.

Here are the FRST log files:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Mario (administrator) on NOTEBOOKMARIO on 29-10-2013 14:56:30
Running from C:\Users\Mario\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(CurioLab S.M.B.A.) C:\Program Files (x86)\Exterminate It!\ExterminateIt.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Mario\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [Jing] - C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\CurrentVersion\Windows: [Load] c:\users\mario\dxbafev.exe <===== ATTENTION
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = 
SearchScopes: HKCU - {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = 
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default
FF Homepage: hxxp://www.suedwestkurve.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Mario\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\de_DE@dicts.j3e.de
FF Extension: No Name - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\trash
FF Extension: Garmin Communicator - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: FoxTrick - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF Extension: psicotsi - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-08-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [82136 2013-09-05] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 OXSDIDRV_x64; C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys [52384 2011-08-23] ()
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 14:55 - 2013-10-29 14:55 - 00000000 ____D C:\FRST
2013-10-29 14:52 - 2013-10-29 14:52 - 01956538 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2013-10-28 20:31 - 2013-10-28 20:31 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Curiolab
2013-10-28 19:34 - 2013-10-28 21:24 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2013-10-28 19:34 - 2013-10-28 19:34 - 00001105 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2013-10-28 19:33 - 2013-10-28 19:34 - 04589838 _____ (Curio Lab) C:\Users\Mario\Downloads\ExterminateItSetup.exe
2013-10-28 18:00 - 2013-10-28 18:00 - 103746026 _____ C:\windows\SysWOW64\᯾睪聨µ߿
2013-10-27 17:37 - 2013-10-27 17:37 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-10-22 13:13 - 2013-10-22 13:13 - 00001956 _____ C:\Users\Public\Desktop\SW Update.lnk
2013-10-21 13:45 - 2013-10-21 13:45 - 00000000 ____D C:\Users\Mario\Downloads\wbblite2.1.2
2013-10-20 19:28 - 2013-10-21 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-20 10:16 - 2013-10-20 10:16 - 00001526 _____ C:\Users\Mario\Desktop\Jing.lnk
2013-10-20 10:13 - 2013-10-20 10:14 - 06692840 _____ C:\Users\Mario\Downloads\jing.exe
2013-10-20 09:54 - 2013-10-20 09:54 - 00001283 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jing.lnk
2013-10-20 09:32 - 2013-10-20 09:33 - 04849168 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-19 15:48 - 2013-10-19 15:48 - 101983560 _____ C:\windows\SysWOW64\᯾矮Ø߿
2013-10-19 10:42 - 2013-10-02 02:38 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-19 10:42 - 2013-10-02 02:38 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-19 09:59 - 2013-10-19 09:59 - 00000791 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk
2013-10-19 07:12 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-19 07:12 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-19 07:12 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-19 07:12 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-19 07:12 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-19 07:12 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-19 07:12 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-19 07:12 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-19 07:12 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-19 07:12 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-19 07:12 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-19 07:12 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-19 07:12 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-19 07:12 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-19 07:12 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-19 07:12 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-19 07:12 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-19 07:12 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-19 07:12 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-19 07:12 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-10-19 07:12 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-10-19 07:12 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-19 07:12 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-19 07:12 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-10-19 07:12 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-19 07:12 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-19 07:12 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-19 07:12 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-19 07:12 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-19 07:12 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-19 07:12 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-10-19 07:12 - 2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-19 07:12 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-19 07:11 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-19 07:11 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 07:11 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 07:11 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-19 07:11 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-19 07:11 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-10-19 07:11 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-10-19 07:11 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-10-19 07:11 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2013-10-19 07:11 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-19 07:11 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-19 07:11 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-19 07:11 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-19 07:11 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-19 07:11 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-19 07:11 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-19 07:11 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-19 07:11 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-19 07:11 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2013-10-19 07:11 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-19 07:11 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-19 07:11 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-19 07:11 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 19:30 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-18 19:30 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-18 19:30 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-18 19:30 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-18 19:29 - 2013-10-18 19:30 - 00004897 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-06 16:18 - 2013-10-06 16:18 - 00001622 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\autostitch - Verknüpfung.lnk
2013-10-06 16:17 - 2013-10-06 16:17 - 00001394 _____ C:\Users\Mario\Desktop\autostitch - Verknüpfung.lnk
2013-10-06 16:17 - 2013-10-06 16:17 - 00000000 ____D C:\Users\Mario\Downloads\autostitch22
2013-10-06 08:53 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2013-10-06 08:53 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2013-10-06 08:53 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2013-10-06 08:53 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-10-06 08:53 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2013-10-06 08:53 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-10-06 08:53 - 2013-08-02 07:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-10-06 08:53 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-10-06 08:53 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2013-10-06 08:53 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-10-06 08:53 - 2013-08-02 06:06 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-10-06 08:53 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-06 08:53 - 2013-07-31 00:30 - 00386923 _____ C:\windows\system32\ApnDatabase.xml
2013-10-06 08:53 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2013-10-06 08:53 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2013-10-06 08:53 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2013-10-06 08:53 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2013-10-06 08:52 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2013-10-06 08:52 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2013-10-06 08:52 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2013-10-06 08:52 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2013-10-06 08:52 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2013-10-06 08:52 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2013-10-05 15:11 - 2013-10-05 15:11 - 05024696 _____ (Martin Prikryl ) C:\Users\Mario\Downloads\winscp517setup.exe
2013-10-05 15:07 - 2013-10-05 15:07 - 99359319 _____ C:\windows\SysWOW64\᯾眗ᮠê߿
2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\PlxTech
2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iomega Encryption
2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\PLX Technology
2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\Iomega
2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Users\Mario\Downloads\iomega-encryption-windows-v3.1.0
2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Program Files\Iomega
2013-10-05 09:45 - 2013-10-19 10:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-05 09:45 - 2013-10-19 10:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-30 22:37 - 2013-09-30 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-29 14:55 - 2013-10-29 14:55 - 00000000 ____D C:\FRST
2013-10-29 14:52 - 2013-10-29 14:52 - 01956538 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2013-10-29 14:52 - 2012-09-03 10:44 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-10-29 14:44 - 2013-08-07 23:17 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-10-29 13:44 - 2012-09-03 09:48 - 01116092 _____ C:\windows\WindowsUpdate.log
2013-10-28 21:24 - 2013-10-28 19:34 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2013-10-28 20:31 - 2013-10-28 20:31 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Curiolab
2013-10-28 19:59 - 2012-09-03 10:27 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-28 19:34 - 2013-10-28 19:34 - 00001105 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2013-10-28 19:34 - 2013-10-28 19:33 - 04589838 _____ (Curio Lab) C:\Users\Mario\Downloads\ExterminateItSetup.exe
2013-10-28 18:22 - 2013-08-07 23:04 - 00000000 ____D C:\Users\Mario
2013-10-28 18:00 - 2013-10-28 18:00 - 103746026 _____ C:\windows\SysWOW64\᯾睪聨µ߿
2013-10-27 17:37 - 2013-10-27 17:37 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-10-25 20:10 - 2013-08-07 23:06 - 00000000 ____D C:\Users\Mario\AppData\Local\CrashDumps
2013-10-25 18:46 - 2013-08-07 23:05 - 00000000 ____D C:\Users\Mario\AppData\Local\VirtualStore
2013-10-23 09:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-10-22 13:13 - 2013-10-22 13:13 - 00001956 _____ C:\Users\Public\Desktop\SW Update.lnk
2013-10-21 16:36 - 2013-09-08 10:22 - 00000132 _____ C:\Users\Mario\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-10-21 16:26 - 2012-09-04 02:11 - 00756856 _____ C:\windows\system32\perfh007.dat
2013-10-21 16:26 - 2012-09-04 02:11 - 00157572 _____ C:\windows\system32\perfc007.dat
2013-10-21 16:26 - 2012-07-26 08:28 - 01756956 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-21 15:01 - 2013-08-07 23:15 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2613245926-3574014760-4208713533-1001
2013-10-21 13:55 - 2012-09-03 10:35 - 00000000 ____D C:\ProgramData\WinClon
2013-10-21 13:54 - 2013-10-20 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-21 13:54 - 2013-08-07 23:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-21 13:52 - 2013-08-21 18:23 - 00000000 ____D C:\ProgramData\VMware
2013-10-21 13:52 - 2012-09-03 10:27 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-21 13:52 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-21 13:51 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-10-21 13:45 - 2013-10-21 13:45 - 00000000 ____D C:\Users\Mario\Downloads\wbblite2.1.2
2013-10-20 10:16 - 2013-10-20 10:16 - 00001526 _____ C:\Users\Mario\Desktop\Jing.lnk
2013-10-20 10:14 - 2013-10-20 10:13 - 06692840 _____ C:\Users\Mario\Downloads\jing.exe
2013-10-20 09:54 - 2013-10-20 09:54 - 00001283 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jing.lnk
2013-10-20 09:33 - 2013-10-20 09:32 - 04849168 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-19 15:48 - 2013-10-19 15:48 - 101983560 _____ C:\windows\SysWOW64\᯾矮Ø߿
2013-10-19 10:49 - 2013-10-05 09:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-19 10:49 - 2013-10-05 09:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-19 10:45 - 2013-08-15 11:37 - 00000000 ____D C:\windows\system32\MRT
2013-10-19 10:44 - 2013-08-07 23:12 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-19 09:59 - 2013-10-19 09:59 - 00000791 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk
2013-10-19 09:59 - 2013-09-16 09:58 - 00000000 ____D C:\Foto
2013-10-19 09:36 - 2013-08-08 12:31 - 00000000 ____D C:\Users\Mario\AppData\Local\Thunderbird
2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 19:30 - 2013-10-18 19:29 - 00004897 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-18 19:30 - 2013-08-07 23:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-10 17:44 - 2013-08-07 23:17 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 06:50 - 2013-10-18 19:30 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-18 19:30 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-18 19:30 - 00175016 _____ (Oracle Corpor ation) C:\windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-18 19:30 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-06 16:18 - 2013-10-06 16:18 - 00001622 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\autostitch - Verknüpfung.lnk
2013-10-06 16:17 - 2013-10-06 16:17 - 00001394 _____ C:\Users\Mario\Desktop\autostitch - Verknüpfung.lnk
2013-10-06 16:17 - 2013-10-06 16:17 - 00000000 ____D C:\Users\Mario\Downloads\autostitch22
2013-10-06 12:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-10-06 09:30 - 2013-08-07 23:08 - 00000000 ___RD C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 09:30 - 2013-08-07 23:08 - 00000000 ___RD C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-06 09:28 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-10-05 19:26 - 2012-08-05 22:07 - 00353450 _____ 
C:\windows\PFRO.log 2013-10-05 15:11 - 2013-10-05 15:11 - 05024696 _____ (Martin Prikryl ) C:\Users\Mario\Downloads\winscp517setup.exe 2013-10-05 15:07 - 2013-10-05 15:07 - 99359319 _____ C:\windows\SysWOW64\᯾眗ᮠê߿ 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\PlxTech 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iomega Encryption 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\PLX Technology 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\Iomega 2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Users\Mario\Downloads\iomega-encryption-windows-v3.1.0 2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Program Files\Iomega 2013-10-03 09:53 - 2013-08-07 23:17 - 00000000 ____D C:\Users\Mario\AppData\Local\Mozilla 2013-10-02 02:38 - 2013-10-19 10:42 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-10-02 02:38 - 2013-10-19 10:42 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-30 22:37 - 2013-09-30 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\Mario\dxbafev.exe C:\Users\Mario\dxbsulx.exe Some content of TEMP: ==================== C:\Users\Mario\AppData\Local\Temp\1967873752.exe C:\Users\Mario\AppData\Local\Temp\2037930579.exe C:\Users\Mario\AppData\Local\Temp\2038144954.exe C:\Users\Mario\AppData\Local\Temp\2038160363.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is 
legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-20 08:51 ==================== End Of Log ============================ --- --- --- und hier die Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Mario at 2013-10-29 14:58:35
Running from C:\Users\Mario\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Allshare Play Link (x32 Version: 1.0.0)
AllSharePlayLink (x32 Version: 1.0.0)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Audacity 2.0.3 (x32 Version: 2.0.3)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar (x32 Version: 12.6.0.1900)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Easy File Share (x32 Version: 1.3.4)
Elevated Installer (x32 Version: 2.3.14.0)
E-POP (x32 Version: 1.0.1)
Exterminate It! (x32 Version: 1.76.05.25)
Flatcast Viewer Plugin 5.3.0.784 (x32)
FotoFusionV4 (x32 Version: 4.1)
Fotogalerie (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Garmin Express (x32 Version: 2.3.14.0)
Garmin Express Tray (x32 Version: 2.3.14.0)
Hattrick Organizer (remove only) (x32)
Help Desk (Version: 1.0.96)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Iomega Encryption 3.1.0 (Version: 3.1.0)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jing (x32 Version: 2.8.13007.1)
K-Lite Mega Codec Pack 10.0.0 (x32 Version: 10.0.0)
LAME v3.99.3 (for Windows) (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3505.0912)
MozBackup 1.5.1 (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Norton Online Backup (x32 Version: 2.2.3.45)
Norton Online Backup ARA (x32 Version: 4.1.0.11)
Opera Stable 15.0.1147.153 (x32 Version: 15.0.1147.153)
PDF Settings CS5 (x32 Version: 10.0)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photomatix Pro version 4.1.2 (x32 Version: 4.1.2)
Plants vs. Zombies (x32)
PX Profile Update (x32 Version: 1.00.1.)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Quick Starter (Version: 1.0.2)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Recovery (x32 Version: 6.0.10.0)
RemoteComms driver (x32 Version: 1.30.0002)
S Agent (Version: 1.1.45)
Saal Design Software (x32 Version: 3.2.18)
Settings (x32 Version: 2.0.0)
Support Center (Version: 2.1.1106)
Support Center FAQ (x32 Version: 1.0.11)
SW Update (x32 Version: 2.1.21)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
tools-linux (x32 Version: 9.2.3.1031769)
User Guide (x32 Version: 1.2.00)
VMware Player (Version: 5.0.2)
VMware Player (x32 Version: 5.0.2)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Xerox PhotoCafe (x32 Version: 1.0.0.6162)

==================== Restore Points =========================

27-10-2013 16:33:05 Removed Jing

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-08-08 16:29 - 00001292 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {2A8112E1-1AFC-4692-A451-8BEA7E0041DC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {3176FCAC-B027-4D9C-8F92-9E0AC2AB7AFE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {570A88EC-64AE-45AF-B989-D31FB4001F4D} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {6465A256-6CCD-43E4-895F-F2FE7B775ACF} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {A5FAF16F-9F42-40CD-9036-E2B0ECBD695F} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {ABFDCBEF-CD3E-4AAB-95E6-DEC6A2497341} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {BE80140D-C8B7-4A6E-970E-C9D80548060F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {DF799127-DE9B-4B2E-9D14-1BD04E8F9BA0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {E882B7AA-316D-42EF-8B30-2840E9D45B10} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F1C409C6-0653-4089-9F27-1979FE3BA6B0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2012-07-20 07:16 - 2012-07-20 07:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-07 23:40 - 2013-08-07 23:51 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-08-06 03:54 - 2012-08-06 03:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-08 20:41 - 2013-08-08 20:40 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-02-26 01:28 - 2013-02-26 01:28 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-03 10:41 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-13 23:16 - 2013-09-13 23:16 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\26def6ab53d268e53635f2a61a1b2ed3\PSIClient.ni.dll
2012-09-03 10:26 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-01-07 14:56 - 2013-01-07 14:56 - 01059784 _____ () C:\Program Files (x86)\TechSmith\Jing\Recorder.dll
2013-09-30 22:37 - 2013-09-30 22:37 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-20 19:28 - 2013-10-20 19:28 - 03008112 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-10-20 19:28 - 2013-10-20 19:28 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-20 19:28 - 2013-10-20 19:28 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-10-28 19:35 - 2013-10-28 19:35 - 00318531 _____ () C:\Program Files (x86)\Exterminate It!\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2013 04:13:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/28/2013 04:13:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/28/2013 04:13:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/28/2013 04:13:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/28/2013 02:42:53 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (10/25/2013 08:10:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.9200.16420, Zeitstempel: 0x505aa40e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008af3e
ID des fehlerhaften Prozesses: 0x4f8
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3
Vollständiger Name des fehlerhaften Pakets: wmplayer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wmplayer.exe5

Error: (10/25/2013 01:57:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PhotomatixProcessingServer.exe, Version: 4.1.0.105, Zeitstempel: 0x4e60d1d9
Name des fehlerhaften Moduls: Photomatix40Lib1.dll, Version: 4.1.0.105, Zeitstempel: 0x4e60d13c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000366ca
ID des fehlerhaften Prozesses: 0x1ff4
Startzeit der fehlerhaften Anwendung: 0xPhotomatixProcessingServer.exe0
Pfad der fehlerhaften Anwendung: PhotomatixProcessingServer.exe1
Pfad des fehlerhaften Moduls: PhotomatixProcessingServer.exe2
Berichtskennung: PhotomatixProcessingServer.exe3
Vollständiger Name des fehlerhaften Pakets: PhotomatixProcessingServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PhotomatixProcessingServer.exe5

Error: (10/25/2013 08:40:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/25/2013 08:40:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/25/2013 08:40:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

System errors:
=============
Error: (10/22/2013 01:13:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SW Update Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/22/2013 01:12:51 PM) (Source: Service Control Manager) (User: )
Description: Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/21/2013 01:50:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (10/20/2013 09:36:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/20/2013 09:36:19 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (10/20/2013 09:33:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/20/2013 09:33:55 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (10/19/2013 03:54:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SW Update Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/19/2013 03:53:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/19/2013 10:52:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================
Error: (10/28/2013 04:13:08 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll

Error: (10/28/2013 04:13:07 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (10/28/2013 04:13:07 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

Error: (10/28/2013 04:13:06 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (10/28/2013 02:42:53 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (10/25/2013 08:10:30 PM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.9200.16420505aa40eMSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e4f801ced1b5c7b930f2C:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\windows\SYSTEM32\MSVCR100.dll1d0c3c3f-3da9-11e3-beb2-50b7c34221ed

Error: (10/25/2013 01:57:40 PM) (Source: Application Error)(User: )
Description: PhotomatixProcessingServer.exe4.1.0.1054e60d1d9Photomatix40Lib1.dll4.1.0.1054e60d13cc0000005000366ca1ff401ced17b3f9c10b8C:\Program Files (x86)\PhotomatixPro4\PhotomatixProcessingServer.exeC:\Program Files (x86)\PhotomatixPro4\Photomatix40Lib1.dll073bf387-3d75-11e3-beb2-50b7c34221ed

Error: (10/25/2013 08:40:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll

Error: (10/25/2013 08:40:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (10/25/2013 08:40:50 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 6035.55 MB
Available physical RAM: 2426.98 MB
Total Pagefile: 11192.63 MB
Available Pagefile: 4470.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.69 GB) (Free:300.39 GB) NTFS
Drive d: (CB2213CD) (CDROM) (Total:0.64 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:3.68 GB) (Free:2.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 0C3BCB58)
Partition: GPT Partition Type

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
29.10.2013, 15:23 | #4
/// TB-Ausbilder
Hi, yes, the computer has been infected. But on a first quick look through the logs I saw that you are using pirated software (Adobe CS5). We do not support that: http://www.trojaner-board.de/95394-c...-software.html If you want me to help you, first uninstall and completely remove all illegal software (cracks, keygens, etc.) now. As soon as everything is gone, we can get started. But if I see anything like that again later on despite this warning, that's the end. Let me know as soon as things can continue here.
cheers, Leo
29.10.2013, 16:06 | #5 |
| It is a shared computer, sorry. We can proceed. |
29.10.2013, 17:13 | #6 |
/// TB-Ausbilder | OK.
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
HKCU\...\CurrentVersion\Windows: [Load] c:\users\mario\dxbafev.exe <===== ATTENTION
C:\Users\Mario\dxbafev.exe
C:\Users\Mario\dxbsulx.exe
C:\Users\Mario\AppData\Local\Temp\*.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Restart the computer and then run an FRST scan: start FRST once more.
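The fixlist above removes a "Load" value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, a legacy per-user autostart that Windows still executes at logon, plus the executables it pointed to in the profile root and the Temp folder. The following PowerShell script is an added example for this thread; it is not part of the original post and not FRST code. It audits that Load value and the standard Run keys read-only: it resolves each command line to a file path, flags entries that run from the user profile root or a Temp folder, flags entries whose file no longer exists (orphaned entries, as the Fixlog later shows for dxbafev.exe) and binaries without a valid Authenticode signature, and changes nothing. It assumes Windows PowerShell 5.1 or later and reads HKLM with the caller's rights; the list of locations and the "suspicious directory" heuristic are the example's own assumptions, not FRST's logic.

```powershell
# Added example (not from the thread, not FRST code): read-only audit of the
# autostart locations touched by the fix. Assumes Windows PowerShell 5.1+.

function Get-AutostartCommandPath {
    param([string]$Command)
    # Reduce a command line such as  "C:\x\y.exe" /arg  or  C:\x\y.exe -s  to its file path.
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $c
}

function Test-SuspiciousAutostart {
    param([string]$Entry, [string]$Command)
    $path = [Environment]::ExpandEnvironmentVariables((Get-AutostartCommandPath $Command))
    $dir  = if ($path) { (Split-Path -Path $path -Parent).TrimEnd('\') } else { '' }
    $reasons = @()

    # Location heuristic (assumption of this example): a legitimate autostart
    # almost never runs straight from the profile root or a Temp folder.
    $badDirs = @($env:USERPROFILE, $env:TEMP, $env:TMP, (Join-Path $env:LOCALAPPDATA 'Temp')) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') } | Select-Object -Unique
    if ($dir -and ($badDirs -contains $dir)) {
        $reasons += "runs from the user profile root or a Temp folder ($dir)"
    }

    # Existence and signature checks. A bare name without a directory is resolved
    # via PATH by Windows, so only rooted paths are reported as missing.
    if ([System.IO.Path]::IsPathRooted($path) -and -not (Test-Path -LiteralPath $path)) {
        $reasons += 'referenced file does not exist (orphaned entry)'
    } elseif ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status: $($sig.Status)" }
    }

    [pscustomobject]@{
        Entry        = $Entry
        Command      = $Command
        ResolvedPath = $path
        Reasons      = $reasons
        Suspicious   = ($reasons.Count -gt 0)
    }
}

# Locations to audit: the Load/Run values FRST reported plus the classic Run keys.
# An empty Values list means "enumerate every value name in the key".
$locations = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows';      Values = @('Load', 'Run') }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';             Values = @() }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';             Values = @() }
    @{ Key = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Values = @() }
)

function Get-AutostartFindings {
    foreach ($loc in $locations) {
        if (-not (Test-Path -LiteralPath $loc.Key)) { continue }
        $item  = Get-Item -LiteralPath $loc.Key
        $names = if ($loc.Values.Count -gt 0) { $loc.Values } else { $item.GetValueNames() }
        foreach ($name in $names) {
            $value = $item.GetValue($name)
            # An unset Load/Run value is the normal, clean state.
            if ([string]::IsNullOrWhiteSpace($value)) { continue }
            Test-SuspiciousAutostart -Entry "$($loc.Key)\$name" -Command ([string]$value)
        }
    }
}

Get-AutostartFindings | Where-Object Suspicious | Format-List Entry, ResolvedPath, Reasons
```

On the machine in this thread the Load value would have been listed with the reasons "runs from the user profile root" and, after the fix, "referenced file does not exist", which is exactly the pattern that singles out a dropped payload from the vendor-signed entries under Program Files. Drop the `Where-Object Suspicious` filter to see every autostart entry with its resolved path and signature status.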
29.10.2013, 17:43 | #7 |
| Regarding step 1: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Mario at 2013-10-29 17:25:09 Run:1
Running from C:\Users\Mario\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\CurrentVersion\Windows: [Load] c:\users\mario\dxbafev.exe <===== ATTENTION
C:\Users\Mario\dxbafev.exe
C:\Users\Mario\dxbsulx.exe
C:\Users\Mario\AppData\Local\Temp\*.exe
*****************
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
"C:\Users\Mario\dxbafev.exe" => File/Directory not found.
"C:\Users\Mario\dxbsulx.exe" => File/Directory not found.
C:\Users\Mario\AppData\Local\Temp\*.exe => Moved successfully.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013 Ran by Mario (administrator) on NOTEBOOKMARIO on 29-10-2013 17:38:15 Running from C:\Users\Mario\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe (AMD) C:\windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\S Agent\CommonAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Mario\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [Jing] - C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) 
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com SearchScopes: HKLM - DefaultScope {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = SearchScopes: HKCU - {F0BD9D00-CD5E-435A-8A65-8252EF1CF710} URL = BHO: Avira SearchFree Toolbar - 
{41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default FF Homepage: hxxp://www.suedwestkurve.de FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Mario\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\de_DE@dicts.j3e.de FF Extension: No Name - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\trash FF Extension: Garmin Communicator - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: FoxTrick - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} FF Extension: psicotsi - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\e1ozyx9j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [815160 2013-09-05] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.) S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-08-08] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [82136 2013-09-05] (Avira Operations GmbH & Co. 
KG) R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 OXSDIDRV_x64; C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys [52384 2011-08-23] () R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.) S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-29 17:15 - 2013-10-29 17:15 - 00000191 _____ C:\Users\Mario\Desktop\Fixlist.txt 2013-10-29 14:58 - 2013-10-29 15:00 - 00025835 _____ C:\Users\Mario\Downloads\Addition.txt 2013-10-29 14:55 - 2013-10-29 14:55 - 00000000 ____D C:\FRST 2013-10-29 14:52 - 2013-10-29 14:52 - 01956538 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe 2013-10-28 20:31 - 2013-10-28 20:31 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Curiolab 2013-10-28 19:34 - 2013-10-28 21:24 - 00000000 ____D C:\Program Files (x86)\Exterminate It! 
2013-10-28 19:34 - 2013-10-28 19:34 - 00001105 _____ C:\Users\Public\Desktop\Exterminate It!.lnk 2013-10-28 19:33 - 2013-10-28 19:34 - 04589838 _____ (Curio Lab) C:\Users\Mario\Downloads\ExterminateItSetup.exe 2013-10-27 17:37 - 2013-10-27 17:37 - 00000000 ____D C:\Program Files (x86)\TechSmith 2013-10-22 13:13 - 2013-10-22 13:13 - 00001956 _____ C:\Users\Public\Desktop\SW Update.lnk 2013-10-21 13:45 - 2013-10-21 13:45 - 00000000 ____D C:\Users\Mario\Downloads\wbblite2.1.2 2013-10-20 19:28 - 2013-10-21 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-20 10:16 - 2013-10-20 10:16 - 00001526 _____ C:\Users\Mario\Desktop\Jing.lnk 2013-10-20 10:13 - 2013-10-20 10:14 - 06692840 _____ C:\Users\Mario\Downloads\jing.exe 2013-10-20 09:54 - 2013-10-20 09:54 - 00001283 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jing.lnk 2013-10-20 09:32 - 2013-10-29 15:58 - 04849200 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-19 15:48 - 2013-10-19 15:48 - 101983560 _____ C:\windows\SysWOW64\᯾矮Ø߿ 2013-10-19 10:42 - 2013-10-02 02:38 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-10-19 10:42 - 2013-10-02 02:38 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-19 09:59 - 2013-10-19 09:59 - 00000791 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk 2013-10-19 07:12 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-10-19 07:12 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-10-19 07:12 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-10-19 07:12 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-10-19 07:12 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-10-19 07:12 - 2013-09-23 00:27 - 02048512 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\iertutil.dll 2013-10-19 07:12 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-10-19 07:12 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-10-19 07:12 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-10-19 07:12 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-10-19 07:12 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-10-19 07:12 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-10-19 07:12 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-10-19 07:12 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-10-19 07:12 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-10-19 07:12 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-10-19 07:12 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-10-19 07:12 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-10-19 07:12 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2013-10-19 07:12 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2013-10-19 07:12 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2013-10-19 07:12 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-10-19 07:12 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-10-19 07:12 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) 
C:\windows\system32\uxtheme.dll 2013-10-19 07:12 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-10-19 07:12 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-10-19 07:12 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-10-19 07:12 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-10-19 07:12 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-10-19 07:12 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-10-19 07:12 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2013-10-19 07:12 - 2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-10-19 07:12 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-10-19 07:11 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-10-19 07:11 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-19 07:11 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-19 07:11 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys 2013-10-19 07:11 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys 2013-10-19 07:11 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS 2013-10-19 07:11 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2013-10-19 07:11 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 
2013-10-19 07:11 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys 2013-10-19 07:11 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2013-10-19 07:11 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2013-10-19 07:11 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2013-10-19 07:11 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2013-10-19 07:11 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-10-19 07:11 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys 2013-10-19 07:11 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2013-10-19 07:11 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2013-10-19 07:11 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-10-19 07:11 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys 2013-10-19 07:11 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll 2013-10-19 07:11 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2013-10-19 07:11 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-10-19 07:11 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\ProgramData\Oracle 2013-10-18 19:30 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-18 19:30 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) 
C:\windows\SysWOW64\javaws.exe 2013-10-18 19:30 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-10-18 19:30 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-10-18 19:29 - 2013-10-18 19:30 - 00004897 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-06 16:18 - 2013-10-06 16:18 - 00001622 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\autostitch - Verknüpfung.lnk 2013-10-06 16:17 - 2013-10-06 16:17 - 00001394 _____ C:\Users\Mario\Desktop\autostitch - Verknüpfung.lnk 2013-10-06 16:17 - 2013-10-06 16:17 - 00000000 ____D C:\Users\Mario\Downloads\autostitch22 2013-10-06 08:53 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll 2013-10-06 08:53 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll 2013-10-06 08:53 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll 2013-10-06 08:53 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2013-10-06 08:53 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll 2013-10-06 08:53 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll 2013-10-06 08:53 - 2013-08-02 07:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2013-10-06 08:53 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2013-10-06 08:53 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll 2013-10-06 08:53 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll 2013-10-06 08:53 - 2013-08-02 06:06 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2013-10-06 08:53 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\tcpip.sys 2013-10-06 08:53 - 2013-07-31 00:30 - 00386923 _____ C:\windows\system32\ApnDatabase.xml 2013-10-06 08:53 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll 2013-10-06 08:53 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll 2013-10-06 08:53 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll 2013-10-06 08:53 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll 2013-10-06 08:52 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll 2013-10-06 08:52 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll 2013-10-06 08:52 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx 2013-10-06 08:52 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx 2013-10-06 08:52 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll 2013-10-06 08:52 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll 2013-10-05 15:11 - 2013-10-05 15:11 - 05024696 _____ (Martin Prikryl ) C:\Users\Mario\Downloads\winscp517setup.exe 2013-10-05 15:07 - 2013-10-05 15:07 - 99359319 _____ C:\windows\SysWOW64\᯾眗ᮠê߿ 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\PlxTech 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iomega Encryption 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\PLX Technology 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\Iomega 2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Users\Mario\Downloads\iomega-encryption-windows-v3.1.0 2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Program Files\Iomega 2013-10-05 
09:45 - 2013-10-19 10:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-05 09:45 - 2013-10-19 10:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-09-30 22:37 - 2013-09-30 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-29 17:37 - 2013-08-07 23:15 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2613245926-3574014760-4208713533-1001 2013-10-29 17:37 - 2012-09-03 10:35 - 00000000 ____D C:\ProgramData\WinClon 2013-10-29 17:33 - 2013-08-21 18:23 - 00000000 ____D C:\ProgramData\VMware 2013-10-29 17:32 - 2012-09-03 10:27 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-10-29 17:32 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-10-29 17:31 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-10-29 17:15 - 2013-10-29 17:15 - 00000191 _____ C:\Users\Mario\Desktop\Fixlist.txt 2013-10-29 17:00 - 2012-09-03 09:48 - 01160991 _____ C:\windows\WindowsUpdate.log 2013-10-29 17:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru 2013-10-29 16:52 - 2012-09-03 10:44 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2013-10-29 16:44 - 2013-08-07 23:17 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-10-29 16:18 - 2013-08-07 23:04 - 00000000 ____D C:\Users\Mario 2013-10-29 16:06 - 2012-09-04 02:11 - 00756856 _____ C:\windows\system32\perfh007.dat 2013-10-29 16:06 - 2012-09-04 02:11 - 00157572 _____ C:\windows\system32\perfc007.dat 2013-10-29 16:06 - 2012-07-26 08:28 - 01756956 _____ C:\windows\system32\PerfStringBackup.INI 2013-10-29 16:01 - 2013-08-07 23:06 - 00000000 ____D C:\Users\Mario\AppData\Local\CrashDumps 2013-10-29 15:58 - 2013-10-20 09:32 - 04849200 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-29 15:56 - 2013-08-07 23:17 - 00000000 ____D C:\Program Files (x86)\Mozilla 
Maintenance Service 2013-10-29 15:39 - 2013-08-08 13:26 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-29 15:37 - 2012-09-03 10:38 - 00000000 ____D C:\ProgramData\Adobe 2013-10-29 15:36 - 2013-08-08 22:21 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-10-29 15:00 - 2013-10-29 14:58 - 00025835 _____ C:\Users\Mario\Downloads\Addition.txt 2013-10-29 14:55 - 2013-10-29 14:55 - 00000000 ____D C:\FRST 2013-10-29 14:52 - 2013-10-29 14:52 - 01956538 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe 2013-10-28 21:24 - 2013-10-28 19:34 - 00000000 ____D C:\Program Files (x86)\Exterminate It! 2013-10-28 20:31 - 2013-10-28 20:31 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Curiolab 2013-10-28 19:59 - 2012-09-03 10:27 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-10-28 19:34 - 2013-10-28 19:34 - 00001105 _____ C:\Users\Public\Desktop\Exterminate It!.lnk 2013-10-28 19:34 - 2013-10-28 19:33 - 04589838 _____ (Curio Lab) C:\Users\Mario\Downloads\ExterminateItSetup.exe 2013-10-27 17:37 - 2013-10-27 17:37 - 00000000 ____D C:\Program Files (x86)\TechSmith 2013-10-25 18:46 - 2013-08-07 23:05 - 00000000 ____D C:\Users\Mario\AppData\Local\VirtualStore 2013-10-23 09:00 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-10-22 13:13 - 2013-10-22 13:13 - 00001956 _____ C:\Users\Public\Desktop\SW Update.lnk 2013-10-21 16:36 - 2013-09-08 10:22 - 00000132 _____ C:\Users\Mario\AppData\Roaming\Adobe PNG Format CS5 Prefs 2013-10-21 13:54 - 2013-10-20 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-21 13:45 - 2013-10-21 13:45 - 00000000 ____D C:\Users\Mario\Downloads\wbblite2.1.2 2013-10-20 10:16 - 2013-10-20 10:16 - 00001526 _____ C:\Users\Mario\Desktop\Jing.lnk 2013-10-20 10:14 - 2013-10-20 10:13 - 06692840 _____ C:\Users\Mario\Downloads\jing.exe 2013-10-20 09:54 - 2013-10-20 09:54 - 00001283 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jing.lnk 
2013-10-19 15:48 - 2013-10-19 15:48 - 101983560 _____ C:\windows\SysWOW64\᯾矮Ø߿ 2013-10-19 10:49 - 2013-10-05 09:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-19 10:49 - 2013-10-05 09:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-19 10:45 - 2013-08-15 11:37 - 00000000 ____D C:\windows\system32\MRT 2013-10-19 10:44 - 2013-08-07 23:12 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-10-19 09:59 - 2013-10-19 09:59 - 00000791 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk 2013-10-19 09:59 - 2013-09-16 09:58 - 00000000 ____D C:\Foto 2013-10-19 09:36 - 2013-08-08 12:31 - 00000000 ____D C:\Users\Mario\AppData\Local\Thunderbird 2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\ProgramData\Oracle 2013-10-18 19:30 - 2013-10-18 19:29 - 00004897 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-18 19:30 - 2013-08-07 23:06 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-10 17:44 - 2013-08-07 23:17 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-10-08 06:50 - 2013-10-18 19:30 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-08 06:46 - 2013-10-18 19:30 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-10-08 06:46 - 2013-10-18 19:30 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-10-08 06:46 - 2013-10-18 19:30 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-10-06 16:18 - 2013-10-06 16:18 - 00001622 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\autostitch - Verknüpfung.lnk 2013-10-06 16:17 - 2013-10-06 16:17 - 00001394 _____ C:\Users\Mario\Desktop\autostitch - Verknüpfung.lnk 2013-10-06 16:17 - 2013-10-06 16:17 - 00000000 ____D C:\Users\Mario\Downloads\autostitch22 2013-10-06 12:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache 2013-10-06 09:30 - 2013-08-07 23:08 - 00000000 ___RD 
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-06 09:30 - 2013-08-07 23:08 - 00000000 ___RD C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-06 09:28 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData 2013-10-05 19:26 - 2012-08-05 22:07 - 00353450 _____ C:\windows\PFRO.log 2013-10-05 15:11 - 2013-10-05 15:11 - 05024696 _____ (Martin Prikryl ) C:\Users\Mario\Downloads\winscp517setup.exe 2013-10-05 15:07 - 2013-10-05 15:07 - 99359319 _____ C:\windows\SysWOW64\᯾眗ᮠê߿ 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\PlxTech 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iomega Encryption 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\PLX Technology 2013-10-05 14:37 - 2013-10-05 14:37 - 00000000 ____D C:\Program Files (x86)\Iomega 2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Users\Mario\Downloads\iomega-encryption-windows-v3.1.0 2013-10-05 14:36 - 2013-10-05 14:36 - 00000000 ____D C:\Program Files\Iomega 2013-10-03 09:53 - 2013-08-07 23:17 - 00000000 ____D C:\Users\Mario\AppData\Local\Mozilla 2013-10-02 02:38 - 2013-10-19 10:42 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-10-02 02:38 - 2013-10-19 10:42 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-30 22:37 - 2013-09-30 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 
is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-20 08:51 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013 Ran by Mario at 2013-10-29 17:39:34 Running from C:\Users\Mario\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe AIR (x32 Version: 3.8.0.1430) Adobe Community Help (x32 Version: 3.0.0) Adobe Community Help (x32 Version: 3.0.0.400) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Media Player (x32 Version: 1.8) Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133) Allshare Play Link (x32 Version: 1.0.0) AllSharePlayLink (x32 Version: 1.0.0) Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18) AMD APP SDK Runtime (Version: 10.0.938.2) AMD Catalyst Install Manager (Version: 8.0.881.0) Audacity 2.0.3 (x32 Version: 2.0.3) Avira Free Antivirus (x32 Version: 13.0.0.4052) Avira SearchFree Toolbar (x32 Version: 12.6.0.1900) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2012.0806.1156.19437) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437) Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437) Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437) Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437) CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437) CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437) CCC 
Help Czech (x32 Version: 2012.0806.1155.19437) CCC Help Danish (x32 Version: 2012.0806.1155.19437) CCC Help Dutch (x32 Version: 2012.0806.1155.19437) CCC Help English (x32 Version: 2012.0806.1155.19437) CCC Help Finnish (x32 Version: 2012.0806.1155.19437) CCC Help French (x32 Version: 2012.0806.1155.19437) CCC Help German (x32 Version: 2012.0806.1155.19437) CCC Help Greek (x32 Version: 2012.0806.1155.19437) CCC Help Hungarian (x32 Version: 2012.0806.1155.19437) CCC Help Italian (x32 Version: 2012.0806.1155.19437) CCC Help Japanese (x32 Version: 2012.0806.1155.19437) CCC Help Korean (x32 Version: 2012.0806.1155.19437) CCC Help Norwegian (x32 Version: 2012.0806.1155.19437) CCC Help Polish (x32 Version: 2012.0806.1155.19437) CCC Help Portuguese (x32 Version: 2012.0806.1155.19437) CCC Help Russian (x32 Version: 2012.0806.1155.19437) CCC Help Spanish (x32 Version: 2012.0806.1155.19437) CCC Help Swedish (x32 Version: 2012.0806.1155.19437) CCC Help Thai (x32 Version: 2012.0806.1155.19437) CCC Help Turkish (x32 Version: 2012.0806.1155.19437) ccc-utility64 (Version: 2012.0806.1156.19437) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02) D3DX10 (x32 Version: 15.4.2368.0902) Easy File Share (x32 Version: 1.3.4) Elevated Installer (x32 Version: 2.3.14.0) E-POP (x32 Version: 1.0.1) Exterminate It! 
(x32 Version: 1.76.05.25) Flatcast Viewer Plugin 5.3.0.784 (x32) FotoFusionV4 (x32 Version: 4.1) Fotogalerie (x32 Version: 16.4.3505.0912) Galerie de photos (x32 Version: 16.4.3505.0912) Garmin Express (x32 Version: 2.3.14.0) Garmin Express Tray (x32 Version: 2.3.14.0) Hattrick Organizer (remove only) (x32) Help Desk (Version: 1.0.96) Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11) Intel(R) Control Center (x32 Version: 1.2.1.1008) Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Iomega Encryption 3.1.0 (Version: 3.1.0) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Jing (x32 Version: 2.8.13007.1) K-Lite Mega Codec Pack 10.0.0 (x32 Version: 10.0.0) LAME v3.99.3 (for Windows) (x32) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC80_ATL_x86 
(x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Movie Maker (x32 Version: 16.4.3505.0912) MozBackup 1.5.1 (x32) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0.1) Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) Norton Online Backup (x32 Version: 2.2.3.45) Norton Online Backup ARA (x32 Version: 4.1.0.11) Opera Stable 15.0.1147.153 (x32 Version: 15.0.1147.153) Photo Common (x32 Version: 16.4.3505.0912) Photo Gallery (x32 Version: 16.4.3505.0912) Photomatix Pro version 4.1.2 (x32 Version: 4.1.2) Plants vs. Zombies (x32) PX Profile Update (x32 Version: 1.00.1.) 
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216) Qualcomm Atheros Client Installation Program (x32 Version: 10.0) Quick Starter (Version: 1.0.2) Raccolta foto (x32 Version: 16.4.3505.0912) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030) Recovery (x32 Version: 6.0.10.0) RemoteComms driver (x32 Version: 1.30.0002) S Agent (Version: 1.1.45) Saal Design Software (x32 Version: 3.2.18) Settings (x32 Version: 2.0.0) Support Center (Version: 2.1.1106) Support Center FAQ (x32 Version: 1.0.11) SW Update (x32 Version: 2.1.21) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 16.2.14.2) tools-linux (x32 Version: 9.2.3.1031769) User Guide (x32 Version: 1.2.00) VMware Player (Version: 5.0.2) VMware Player (x32 Version: 5.0.2) Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735) Windows Live (x32 Version: 16.4.3505.0912) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) WinRAR 4.20 (64-Bit) (Version: 4.20.0) Xerox PhotoCafe (x32 Version: 1.0.0.6162) ==================== Restore Points ========================= 27-10-2013 16:33:05 Removed Jing ==================== Hosts content: ========================== 2012-07-26 06:26 - 2013-08-08 16:29 - 00001292 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 
ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 hl2rcv.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {2A8112E1-1AFC-4692-A451-8BEA7E0041DC} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {3176FCAC-B027-4D9C-8F92-9E0AC2AB7AFE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {570A88EC-64AE-45AF-B989-D31FB4001F4D} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {6465A256-6CCD-43E4-895F-F2FE7B775ACF} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] () Task: {A5FAF16F-9F42-40CD-9036-E2B0ECBD695F} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.) Task: {ABFDCBEF-CD3E-4AAB-95E6-DEC6A2497341} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {BE80140D-C8B7-4A6E-970E-C9D80548060F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated) Task: {DF799127-DE9B-4B2E-9D14-1BD04E8F9BA0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.) 
Task: {E882B7AA-316D-42EF-8B30-2840E9D45B10} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {F1C409C6-0653-4089-9F27-1979FE3BA6B0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2012-07-20 07:16 - 2012-07-20 07:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-08-06 03:54 - 2012-08-06 03:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-08-08 20:41 - 2013-08-08 20:40 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () 
C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-02-26 01:28 - 2013-02-26 01:28 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll 2012-09-03 10:41 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-09-30 22:37 - 2013-09-30 22:37 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-13 23:16 - 2013-09-13 23:16 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\26def6ab53d268e53635f2a61a1b2ed3\PSIClient.ni.dll 2012-09-03 10:26 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/29/2013 04:00:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0xca4 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der 
fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Vollständiger Name des fehlerhaften Pakets: avnotify.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avnotify.exe5 Error: (10/28/2013 04:13:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/28/2013 04:13:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/28/2013 04:13:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/28/2013 04:13:06 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (10/28/2013 02:42:53 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (10/25/2013 08:10:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.9200.16420, Zeitstempel: 0x505aa40e Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften Prozesses: 0x4f8 Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0 Pfad der fehlerhaften Anwendung: wmplayer.exe1 Pfad des fehlerhaften Moduls: wmplayer.exe2 Berichtskennung: wmplayer.exe3 Vollständiger Name des fehlerhaften Pakets: wmplayer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wmplayer.exe5 Error: (10/25/2013 01:57:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: PhotomatixProcessingServer.exe, Version: 4.1.0.105, Zeitstempel: 0x4e60d1d9 Name des fehlerhaften Moduls: Photomatix40Lib1.dll, Version: 4.1.0.105, Zeitstempel: 0x4e60d13c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000366ca ID des fehlerhaften Prozesses: 0x1ff4 Startzeit der fehlerhaften Anwendung: 0xPhotomatixProcessingServer.exe0 Pfad der fehlerhaften Anwendung: PhotomatixProcessingServer.exe1 Pfad des fehlerhaften Moduls: PhotomatixProcessingServer.exe2 Berichtskennung: PhotomatixProcessingServer.exe3 Vollständiger Name des fehlerhaften Pakets: PhotomatixProcessingServer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PhotomatixProcessingServer.exe5 Error: (10/25/2013 08:40:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (10/25/2013 08:40:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (10/29/2013 05:33:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/29/2013 05:33:03 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht. Error: (10/29/2013 04:00:39 PM) (Source: DCOM) (User: NOTEBOOKMARIO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}notebookmarioMarioS-1-5-21-2613245926-3574014760-4208713533-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/29/2013 04:00:39 PM) (Source: DCOM) (User: NOTEBOOKMARIO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}notebookmarioMarioS-1-5-21-2613245926-3574014760-4208713533-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/29/2013 03:59:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/29/2013 03:59:26 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht. 
Error: (10/29/2013 03:55:25 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht. Error: (10/29/2013 03:54:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (10/22/2013 01:13:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SW Update Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (10/22/2013 01:12:51 PM) (Source: Service Control Manager) (User: ) Description: Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (10/29/2013 04:00:46 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487ca401ced4b77f5d3daaC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exee31f3d8c-40aa-11e3-beb3-50b7c34221ed Error: (10/28/2013 04:13:08 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll Error: (10/28/2013 04:13:07 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll Error: (10/28/2013 04:13:07 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll Error: (10/28/2013 04:13:06 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll Error: (10/28/2013 02:42:53 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (10/25/2013 08:10:30 PM) (Source: Application Error)(User: ) Description: wmplayer.exe12.0.9200.16420505aa40eMSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e4f801ced1b5c7b930f2C:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\windows\SYSTEM32\MSVCR100.dll1d0c3c3f-3da9-11e3-beb2-50b7c34221ed Error: (10/25/2013 01:57:40 PM) (Source: Application Error)(User: ) Description: PhotomatixProcessingServer.exe4.1.0.1054e60d1d9Photomatix40Lib1.dll4.1.0.1054e60d13cc0000005000366ca1ff401ced17b3f9c10b8C:\Program Files (x86)\PhotomatixPro4\PhotomatixProcessingServer.exeC:\Program Files (x86)\PhotomatixPro4\Photomatix40Lib1.dll073bf387-3d75-11e3-beb2-50b7c34221ed Error: (10/25/2013 08:40:50 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll Error: (10/25/2013 08:40:50 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 6035.55 MB Available physical RAM: 4365.09 MB Total Pagefile: 11155.55 MB Available Pagefile: 9260.14 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:440.69 GB) (Free:301.97 GB) NTFS Drive d: 
(CB2213CD) (CDROM) (Total:0.64 GB) (Free:0 GB) UDF Drive e: () (Removable) (Total:3.68 GB) (Free:2.22 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 0C3BCB58) Partition: GPT Partition Type ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
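The FRST log above is what the helper reads to decide what goes into a fixlist. Its "One Month Modified Files and Folders" lines share one shape (modified time, created time, size, attribute flags, optional vendor in parentheses, path), which makes a first-pass triage easy to script. The following is an added example, not part of the thread and not FRST's own code: it parses lines in that shape and flags the kind of entries an analyst would look at first. The sample lines are copied from the log in this thread except the last one, which is constructed for the example (FRST listed MakeMarkerFile.exe only under "Files to move or delete"); the 50 MB threshold and the directory lists are choices made for this example.

```python
import re

# Sample input in the shape of FRST's "One Month Modified Files and Folders"
# section. All lines but the last are copied from the log quoted in the thread;
# the MakeMarkerFile.exe line is constructed for this example (FRST listed that
# file under "Files to move or delete" without a modified-files entry).
SAMPLE_FRST = """\
2013-10-19 15:48 - 2013-10-19 15:48 - 101983560 _____ C:\\windows\\SysWOW64\\᯾矮Ø߿
2013-10-19 10:44 - 2013-08-07 23:12 - 80541720 _____ (Microsoft Corporation) C:\\windows\\system32\\MRT.exe
2013-10-08 06:46 - 2013-10-18 19:30 - 00174504 _____ (Oracle Corporation) C:\\windows\\SysWOW64\\java.exe
2013-10-05 15:11 - 2013-10-05 15:11 - 05024696 _____ (Martin Prikryl ) C:\\Users\\Mario\\Downloads\\winscp517setup.exe
2013-10-05 15:07 - 2013-10-05 15:07 - 99359319 _____ C:\\windows\\SysWOW64\\᯾眗ᮠê߿
2013-10-06 16:17 - 2013-10-06 16:17 - 00001394 _____ C:\\Users\\Mario\\Desktop\\autostitch - Verknüpfung.lnk
2013-10-29 17:37 - 2012-09-03 10:35 - 00000000 ____D C:\\ProgramData\\WinClon
2013-10-28 20:31 - 2013-10-28 20:31 - 00012345 _____ C:\\ProgramData\\MakeMarkerFile.exe
"""

# One FRST entry: modified - created - size attrs [(vendor)] path
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
DATA_DIR_ROOTS = ("\\programdata", "\\appdata\\roaming", "\\appdata\\local")
LARGE_FILE = 50 * 1024 * 1024  # threshold chosen for this example


def parse_frst_modified(text):
    """Turn FRST modified-files lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        vendor = m.group("vendor")
        entries.append({
            "modified": m.group("modified"),
            "created": m.group("created"),
            "size": int(m.group("size")),
            "is_dir": "D" in m.group("attrs"),
            "vendor": vendor.strip() if vendor else None,  # "()" and absent both -> None
            "path": m.group("path"),
        })
    return entries


def has_unusual_chars(name):
    """Control or non-ASCII characters in a file name (fine in a user folder, odd in System32)."""
    return any(ord(c) < 32 or ord(c) > 126 for c in name)


def triage(entries):
    """Return (path, reasons) for entries an analyst should look at first.
    These are review prompts, not verdicts: a legitimate installer can trip them too."""
    flagged = []
    for e in entries:
        if e["is_dir"]:
            continue
        low = e["path"].lower()
        parent, _, name = e["path"].rpartition("\\")
        reasons = []
        if any(d in low for d in SYSTEM_DIRS):
            if has_unusual_chars(name):
                reasons.append("non-ASCII name in system directory")
            if e["vendor"] is None and e["size"] > LARGE_FILE:
                reasons.append("large file without vendor info in system directory")
        if low.endswith(".exe") and e["vendor"] is None and parent.lower().endswith(DATA_DIR_ROOTS):
            reasons.append("executable without vendor info at root of data directory")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_frst_modified(SAMPLE_FRST)):
        print(path, "->", "; ".join(reasons))
```

Run against the sample, the two ~100 MB files with garbage names in SysWOW64 and the bare executable in the root of ProgramData are the three entries returned; the signed Microsoft and Oracle binaries and the umlaut in the user's own shortcut are left alone, which is the distinction a reviewer makes by eye when reading such a log.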
29.10.2013, 18:02 | #8 |
/// TB-Ausbilder | Win8 - e-mail attachment opened [Fax von 04018138550] various detections ... Step 1 Please download Malwarebytes Anti-Malware
Step 2 ESET Online Scanner
__________________ cheers, Leo |
29.10.2013, 18:27 | #9 |
| Win8 - e-mail attachment opened [Fax von 04018138550] various detections Regarding step 1: the "Show results" button is missing, presumably because nothing was found. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.29.08 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16721 Mario :: NOTEBOOKMARIO [Administrator] Schutz: Aktiviert 29.10.2013 18:13:21 mbam-log-2013-10-29 (18-13-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 203363 Laufzeit: 5 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
29.10.2013, 21:43 | #10 |
/// TB-Ausbilder | Win8 - e-mail attachment opened [Fax von 04018138550] various detections OK. The final ESET scan may take a while longer; that is normal.
__________________ cheers, Leo |
30.10.2013, 04:23 | #11 |
| Win8 - e-mail attachment opened [Fax von 04018138550] various detections Regarding step 2: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=794eeceb5ecab6468666ce43178bc1e4 # engine=15682 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-10-29 07:37:49 # local_time=2013-10-29 08:37:49 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=1799 16775165 100 94 16857 7084898 13054 0 # compatibility_mode=5893 16776574 100 94 6397713 42581580 0 0 # scanned=320866 # found=4 # cleaned=0 # scan_time=7496 sh=38BA05C050FA592BBF36F7C4090C1EDD2727D370 ft=1 fh=305395abd714d9c4 vn="a variant of Win32/Kryptik.BNTR trojan" ac=I fn="C:\FRST\Quarantine\2037930579.exe" sh=38BA05C050FA592BBF36F7C4090C1EDD2727D370 ft=1 fh=305395abd714d9c4 vn="a variant of Win32/Kryptik.BNTR trojan" ac=I fn="C:\FRST\Quarantine\2038144954.exe" sh=38BA05C050FA592BBF36F7C4090C1EDD2727D370 ft=1 fh=305395abd714d9c4 vn="a variant of Win32/Kryptik.BNTR trojan" ac=I fn="C:\FRST\Quarantine\2038160363.exe" sh=2A405015B0AE8722D9A9D6CF31FE1EA3395A2B4C ft=1 fh=c06bf6e317952262 vn="Win32/StartPage.ORB trojan" ac=I fn="F:\Trekstor FP\downloads lenovo\downloads\vlc-2.0.5-win32.exe" |
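The ESET result lines above are key=value records (sh = SHA-1, fh = ESET's own file hash, vn = detection name, fn = path), so a short parser can turn a pasted log into something the helper's reading makes explicit: three of the four hits share one SHA-1 and all three sit in C:\FRST\Quarantine, i.e. they are copies FRST had already isolated, while the only file still in place is an installer on a removable drive. The following is an added example, not part of the thread and not ESET's or FRST's code. It assumes, for the quarantine check, FRST's quarantine folder name exactly as it appears in the log above; the sample input is copied from that log, reduced to the header fields the example uses.

```python
import re
from collections import defaultdict

# Sample input: header fields and result lines from the ESET Online Scanner log
# quoted in the thread above (values copied from that log).
SAMPLE_LOG = """\
# version=8
# found=4
# cleaned=0
# scan_time=7496
sh=38BA05C050FA592BBF36F7C4090C1EDD2727D370 ft=1 fh=305395abd714d9c4 vn="a variant of Win32/Kryptik.BNTR trojan" ac=I fn="C:\\FRST\\Quarantine\\2037930579.exe"
sh=38BA05C050FA592BBF36F7C4090C1EDD2727D370 ft=1 fh=305395abd714d9c4 vn="a variant of Win32/Kryptik.BNTR trojan" ac=I fn="C:\\FRST\\Quarantine\\2038144954.exe"
sh=38BA05C050FA592BBF36F7C4090C1EDD2727D370 ft=1 fh=305395abd714d9c4 vn="a variant of Win32/Kryptik.BNTR trojan" ac=I fn="C:\\FRST\\Quarantine\\2038160363.exe"
sh=2A405015B0AE8722D9A9D6CF31FE1EA3395A2B4C ft=1 fh=c06bf6e317952262 vn="Win32/StartPage.ORB trojan" ac=I fn="F:\\Trekstor FP\\downloads lenovo\\downloads\\vlc-2.0.5-win32.exe"
"""

# key=value tokens; a value is either double-quoted (may contain spaces) or bare.
TOKEN_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Path fragments that mark copies another tool already isolated. Assumption for
# this example: FRST's quarantine folder as it appears in the log above.
QUARANTINE_MARKERS = ("\\frst\\quarantine\\",)


def parse_eset_log(text):
    """Split an ESET Online Scanner log into ('# key=value' header, list of findings)."""
    header, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        record = {key: quoted or bare for key, quoted, bare in TOKEN_RE.findall(line)}
        if "sh" in record and "fn" in record:  # only real result lines
            findings.append(record)
    return header, findings


def counts_consistent(header, findings):
    """'# found=' should equal the number of result lines; otherwise the pasted log is incomplete."""
    return header.get("found", "").isdigit() and int(header["found"]) == len(findings)


def triage(findings):
    """Group by SHA-1 and separate already-quarantined copies from files still in place."""
    by_hash = defaultdict(list)
    contained, live = [], []
    for rec in findings:
        by_hash[rec["sh"].lower()].append(rec["fn"])
        if any(m in rec["fn"].lower() for m in QUARANTINE_MARKERS):
            contained.append(rec["fn"])
        else:
            live.append(rec["fn"])
    return {"unique_samples": len(by_hash), "by_hash": dict(by_hash),
            "contained": contained, "live": live}


if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_LOG)
    print("header count matches:", counts_consistent(hdr, found))
    for key, value in triage(found).items():
        print(key, "->", value)
```

The count check matters when logs are pasted into a forum post: a `# found=` value larger than the number of result lines means lines were lost on the way, and the reviewer is looking at an incomplete picture.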
30.10.2013, 09:53 | #12 |
/// TB-Ausbilder | Ok. Also use this plugin check (with Firefox here) to verify that all the plugin versions you use are current, and update them if not.

Cleanup
Finally, we will now put away our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are still important and should be carried out in the order given.
>> OK << We're done; your logs look clean to me at the moment. I have put together a few notes and tips below that should help you not need our help again in future. Please give me a short reply afterwards once there are no more problems or questions from your side, so that I can consider this topic closed.

Epilogue: Tips, Dos & Don'ts

Keeping system and software up to date
The Windows operating system absolutely must always be up to date. Make sure that automatic updates are enabled:
The installed software should also always be at the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware by drive-by download when merely visiting a prepared website. That can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and it is therefore relatively unpredictable.

Security software
A remark up front: every software solution has its weaknesses. Shifting the entire responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, combined with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the one most often attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer one can use Mozilla Firefox, for example, for which there are two useful add-ons to recommend:

(Un)safe behaviour on the internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that does not necessarily mean anything.
Attempts are also often made to get the user, with more or less tricky methods, to carry out an action himself that is fatal for him (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along by the user himself.

General notes
Finally, a few fundamental remarks:
If you like, you can support the forum with a small donation. All that remains for me is to wish you carefree and safe surfing, and that we don't see each other here again anytime soon.
__________________ cheers, Leo |
30.10.2013, 15:46 | #13 |
| Hello, I'm available again now, I've finished work. Two things first. 1. I have checked the plugins, but there are a few unknown ones. Please have a look at this Jing video of my screen: hxxp://screencast.com/t/v8HbCFZHCM79 2. Unfortunately I have already uninstalled ESET because that's what the instructions said, but that's no problem, I'll install it again. As described in the instructions, I unchecked the "remove found threats" box before the scan, and it did have 4 findings. Don't we have to deal with these 4 findings first? |
30.10.2013, 16:02 | #14 |
/// TB-Ausbilder | Hi, Quote:
Quote:
The 4th finding (the VLC setup in the downloads) is just an installer that brings some adware along when it is run. You can simply delete this file manually. (Incidentally, this is because you did not download the VLC player setup from the original site videolan.org but from a fake site such as vlc.de. These sites bundle adware into the installation, and that is what ESET is flagging here.)
__________________ cheers, Leo |
30.10.2013, 16:41 | #15 |
| Ok, great. I have deleted that VLC player file; it was in an old download folder from my old laptop that I had backed up on my external hard drive, but you saw that. I have just run DelFix. Code:
# DelFix v10.4 - Datei am 30/10/2013 um 16:17:35 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Benutzer : Mario - NOTEBOOKMARIO
# Betriebssystem : Windows 8 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\Users\Mario\Downloads\Addition.txt
Gelöscht : C:\Users\Mario\Downloads\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\Mario\Downloads\Fixlog.txt
Gelöscht : C:\Users\Mario\Downloads\FRST.txt
Gelöscht : C:\Users\Mario\Downloads\FRST64.exe

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #21 [Removed Jing | 10/27/2013 16:33:05]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
Likewise with ESET, should I never leave "remove threats" checked? Those were, I think, my 2 last questions. I am extremely grateful and will transfer a small donation right away. Today I received another suspicious email with an attachment; my wife got the same email, by the way. Sender: booking.com <invoice@booking.com> Subject: Invoice 8209137401365960 Again a zip file in the attachment, something like print pdf.zip; I deleted it straight away online at freenet and did not download it with Thunderbird. I suppose I'll have to let this email address die? Can such emails be reported somewhere so that the perpetrators might be caught? I also know where they got our email address from: we have our contacts stored in the Google account on our smartphone so that we always keep the data when changing phones. And there I labelled our landline number "HomeSweetHome" and stored my email address under it. In the email with my virus here, the recipient was also <HomeSweetHome> |