Pests of all kinds and how to fight them: BSI scan positive

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#5

BSI scan positive

I will run it right away and then post here again. Thanks so far. Apart from a new password for my "spam" email address, is there anything else I should keep in mind?

Here are the laptop's log files:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 01
Ran by Alexander Ley (administrator) on SAMSUNGNOTEBOOK on 22-01-2014 18:30:01
Running from C:\Users\Alexander Ley\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
(1&1 Internet AG) C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Dropbox, Inc.) C:\Users\Alexander Ley\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) \\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [BoxcryptorClassic.exe] - C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2240256 2013-10-14] (Secomba GmbH)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
Startup: C:\Users\Alexander Ley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander Ley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator-cbfs4 - {3B9BAC01-6257-41BC-8216-7E4419F0E0DB} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {3B9BAC01-6257-41BC-8216-7E4419F0E0DB} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL =
SearchScopes: HKCU - {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E59035AC-8252-40D3-9139-2673440D5F77}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Alexander Ley\AppData\Roaming\Mozilla\Firefox\Profiles\ny9qulup.default
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-12]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-16]
CHR Extension: (Google Drive) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (YouTube) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-16]
CHR Extension: (Google-Suche) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-16]
CHR Extension: (Tampermonkey) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-10-24]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-09-12]
CHR Extension: (Google Kalender) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-08-16]
CHR Extension: (Facebook Disconnect) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-08-16]
CHR Extension: (Super Mario Flash 1 Spiel) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfifaioninnhmakfheicigjingihhif [2013-08-26]
CHR Extension: (AdBlock) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-16]
CHR Extension: (Google Maps) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-08-16]
CHR Extension: (Google Wallet) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Marc Ecko) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2013-08-16]
CHR Extension: (Google Mail) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]

==================== Services (Whitelisted) =================

U2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
U2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
U2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
U2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
U2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
U2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
U2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
U2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
U3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
U1 cbfs4; C:\windows\system32\drivers\cbfs4.sys [386752 2013-08-30] (EldoS Corporation)
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [715824 2013-11-14] (COMODO)
U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [38072 2013-09-24] (COMODO)
U1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
U0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
U3 FTDIBUS; C:\Windows\system32\drivers\opcomusb.sys [69320 2013-08-21] (FTDI Ltd.)
U1 HWiNFO32; C:\windows\system32\drivers\HWiNFO64A.SYS [31136 2013-08-16] (REALiX(tm))
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-09-24] (COMODO)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
U3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-12-24] (Windows (R) 2003 DDK 3790 provider)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U2 SGDrv; C:\Windows\System32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
U3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-22 18:30 - 2014-01-22 18:30 - 00021756 _____ C:\Users\Alexander Ley\Desktop\FRST.txt
2014-01-22 18:29 - 2014-01-22 18:29 - 00000000 ____D C:\FRST
2014-01-22 18:29 - 2014-01-22 17:58 - 02077184 _____ (Farbar) C:\Users\Alexander Ley\Desktop\FRST64.exe
2014-01-22 00:15 - 2014-01-22 00:15 - 00000000 ___SH C:\DkHyperbootSync
2014-01-15 23:28 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 23:28 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 23:28 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 23:28 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 23:28 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 23:28 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:28 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 23:28 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:28 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 23:28 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 23:28 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 21:56 - 2014-01-15 22:01 - 00000156 _____ C:\Users\Alexander Ley\.jameica.properties
2014-01-15 21:55 - 2014-01-15 21:55 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 21:55 - 2014-01-15 21:54 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-15 21:55 - 2014-01-15 21:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-15 21:55 - 2014-01-15 21:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-15 21:55 - 2014-01-15 21:54 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-01-15 21:54 - 2014-01-15 21:54 - 00000000 ____D C:\Program Files\Java
2014-01-11 22:17 - 2014-01-11 22:17 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\ProgramData\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Program Files (x86)\1&1
2014-01-11 22:16 - 2011-11-21 11:52 - 00199752 _____ (1&1 Internet AG) C:\WINDOWS\system32\Drivers\ui11rdr.SYS
2014-01-11 22:16 - 2011-11-21 11:52 - 00011776 _____ (1&1 Internet AG) C:\WINDOWS\system32\ui11np.dll
2014-01-11 22:16 - 2011-11-21 11:52 - 00007680 _____ (1&1 Internet AG) C:\WINDOWS\SysWOW64\ui11np.dll
2014-01-11 21:57 - 2014-01-11 21:59 - 1676918041 _____ C:\Users\Alexander Ley\Downloads\GT-I9505-Factory-Firmware-Full-Wipe-DBT.zip
2013-12-30 19:46 - 2013-12-30 19:48 - 486277120 _____ C:\Users\Alexander Ley\Documents\lumix.iso
2013-12-30 19:40 - 2013-12-30 19:40 - 00001961 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-12-30 19:18 - 2013-12-30 19:18 - 00000000 ____D C:\ProgramData\Panasonic
2013-12-30 19:17 - 2013-12-30 19:20 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\Panasonic
2013-12-30 19:16 - 2013-12-30 19:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\InstallShield
2013-12-30 19:16 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICSDK2.dll
2013-12-30 19:16 - 2007-06-22 00:10 - 00000097 _____ C:\WINDOWS\SysWOW64\PICSDK.ini
2013-12-30 19:16 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EpPicPrt.dll
2013-12-30 19:16 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EPPicMgr.dll
2013-12-30 19:16 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICEntry.dll
2013-12-30 19:16 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICSDK.dll
2013-12-30 19:16 - 2005-06-01 00:20 - 00111932 _____ C:\WINDOWS\SysWOW64\EPPICPrinterDB.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00031053 _____ C:\WINDOWS\SysWOW64\EPPICPattern131.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00027417 _____ C:\WINDOWS\SysWOW64\EPPICPattern121.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00026154 _____ C:\WINDOWS\SysWOW64\EPPICPattern1.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00024903 _____ C:\WINDOWS\SysWOW64\EPPICPattern3.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00021390 _____ C:\WINDOWS\SysWOW64\EPPICPattern5.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00020148 _____ C:\WINDOWS\SysWOW64\EPPICPattern2.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00013732 _____ C:\WINDOWS\SysWOW64\EPPICLocal_EN.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00011811 _____ C:\WINDOWS\SysWOW64\EPPICPattern4.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00006442 _____ C:\WINDOWS\SysWOW64\EPPICLocal_IT.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006347 _____ C:\WINDOWS\SysWOW64\EPPICLocal_PT.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006347 _____ C:\WINDOWS\SysWOW64\EPPICLocal_BP.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006335 _____ C:\WINDOWS\SysWOW64\EPPICLocal_GE.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006195 _____ C:\WINDOWS\SysWOW64\EPPICLocal_FR.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006195 _____ C:\WINDOWS\SysWOW64\EPPICLocal_CF.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006122 _____ C:\WINDOWS\SysWOW64\EPPICLocal_DU.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006103 _____ C:\WINDOWS\SysWOW64\EPPICLocal_ES.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00005817 _____ C:\WINDOWS\SysWOW64\EPPICLocal_KO.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00005436 _____ C:\WINDOWS\SysWOW64\EPPICLocal_SC.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00004943 _____ C:\WINDOWS\SysWOW64\EPPICPattern6.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00002889 _____ C:\WINDOWS\SysWOW64\EPPICLocal_RU.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00002426 _____ C:\WINDOWS\SysWOW64\EPPICLocal_TC.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00001146 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_DU.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001139 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_PT.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001139 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_BP.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001136 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_ES.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001129 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_FR.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001129 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_CF.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001120 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_IT.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001107 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_GE.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001104 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_EN.dat
2013-12-30 19:14 - 2013-12-30 19:14 - 00002222 _____ C:\Users\Public\Desktop\PHOTOfunSTUDIO 9.1 PE.lnk
2013-12-30 19:14 - 2011-10-04 16:29 - 00055952 ____N (Rovi Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2013-12-30 19:14 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2013-12-30 19:14 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-30 19:11 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-12-30 19:11 - 2013-12-30 19:11 - 00001930 _____ C:\Users\Public\Desktop\LUMIX Map Tool.lnk
2013-12-30 15:29 - 2011-04-11 19:55 - 00007680 _____ (Phoenix Technologies Ltd.) C:\WINDOWS\system32\Drivers\SGDrv64.sys

==================== One Month Modified Files and Folders =======

2014-01-22 18:30 - 2014-01-22 18:30 - 00021756 _____ C:\Users\Alexander Ley\Desktop\FRST.txt
2014-01-22 18:29 - 2014-01-22 18:29 - 00000000 ____D C:\FRST
2014-01-22 18:28 - 2013-10-18 07:37 - 01085764 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-22 18:28 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-22 17:58 - 2014-01-22 18:29 - 02077184 _____ (Farbar) C:\Users\Alexander Ley\Desktop\FRST64.exe
2014-01-22 11:20 - 2013-08-16 14:13 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2014-01-22 10:32 - 2013-08-16 20:25 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Dropbox
2014-01-22 10:27 - 2013-08-16 23:02 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\vlc
2014-01-22 00:19 - 2012-10-23 05:18 - 00000000 ____D C:\ProgramData\WinClon
2014-01-22 00:18 - 2013-09-30 05:14 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-22 00:18 - 2013-09-30 04:56 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-22 00:18 - 2013-09-30 04:56 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-22 00:16 - 2013-08-16 20:28 - 00000000 ___RD C:\Users\Alexander Ley\Dropbox
2014-01-22 00:15 - 2014-01-22 00:15 - 00000000 ___SH C:\DkHyperbootSync
2014-01-19 19:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-19 00:33 - 2013-09-22 21:42 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\dvdcss
2014-01-19 00:06 - 2013-08-16 10:45 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2633699449-1107673460-929680308-1001
2014-01-18 23:47 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-18 23:04 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 00:41 - 2013-08-16 18:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 00:38 - 2013-08-16 18:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-17 20:53 - 2013-10-20 11:32 - 00014492 _____ C:\WINDOWS\setupact.log
2014-01-17 20:35 - 2013-08-17 13:12 - 00000000 ____D C:\Users\Alexander Ley\Documents\Outlook-Dateien
2014-01-15 22:11 - 2013-10-18 07:20 - 00000000 ____D C:\Users\Alexander Ley
2014-01-15 22:01 - 2014-01-15 21:56 - 00000156 _____ C:\Users\Alexander Ley\.jameica.properties
2014-01-15 21:55 - 2014-01-15 21:55 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 21:54 - 2014-01-15 21:55 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-15 21:54 - 2014-01-15 21:55 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-15 21:54 - 2014-01-15 21:55 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-15 21:54 - 2014-01-15 21:55 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-01-15 21:54 - 2014-01-15 21:54 - 00000000 ____D C:\Program Files\Java
2014-01-11 22:19 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-11 22:17 - 2014-01-11 22:17 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\ProgramData\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Program Files (x86)\1&1
2014-01-11 21:59 - 2014-01-11 21:57 - 1676918041 _____ C:\Users\Alexander Ley\Downloads\GT-I9505-Factory-Firmware-Full-Wipe-DBT.zip
2014-01-08 00:22 - 2013-08-16 10:39 - 00000000 ___RD C:\Users\Alexander Ley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 00:21 - 2013-08-16 20:27 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 11:09 - 2013-11-16 17:10 - 00004142 _____ C:\WINDOWS\PFRO.log
2014-01-06 11:09 - 2013-08-22 15:44 - 00412224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-01 23:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-30 19:48 - 2013-12-30 19:46 - 486277120 _____ C:\Users\Alexander Ley\Documents\lumix.iso
2013-12-30 19:40 - 2013-12-30 19:40 - 00001961 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-12-30 19:20 - 2013-12-30 19:17 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\Panasonic
2013-12-30 19:18 - 2013-12-30 19:18 - 00000000 ____D C:\ProgramData\Panasonic
2013-12-30 19:16 - 2013-12-30 19:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\InstallShield
2013-12-30 19:14 - 2013-12-30 19:14 - 00002222 _____ C:\Users\Public\Desktop\PHOTOfunSTUDIO 9.1 PE.lnk
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-30 19:13 - 2013-12-30 19:11 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-12-30 19:13 - 2012-10-23 05:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-30 19:13 - 2012-10-23 04:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-30 19:11 - 2013-12-30 19:11 - 00001930 _____ C:\Users\Public\Desktop\LUMIX Map Tool.lnk
2013-12-30 15:31 - 2012-10-23 04:18 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-30 15:29 - 2012-10-23 05:10 - 00000000 ____D C:\ProgramData\SAMSUNG
2013-12-24 11:53 - 2013-10-10 07:37 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Skype
2013-12-24 11:09 - 2013-10-10 07:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-24 11:09 - 2013-10-10 07:37 - 00000000 ____D C:\ProgramData\Skype
2013-12-23 11:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 23:56

==================== End Of Log ============================

--- --- ---

Additional FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014 01 Ran by Alexander Ley at 2014-01-22 18:31:33 Running from C:\Users\Alexander Ley\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Disabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Antivirus (Disabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== 1&1 Upload-Manager (x32 Version: 2.0.676 - 1&1 Internet AG) Adobe Acrobat XI Pro (x32 Version: 11.0.05 - Adobe Systems) Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated) AllSharePlayLink (x32 Version: 1.0.0 - Samsung Electronics Co., Ltd.) Boxcryptor Classic 1.6 (x32 Version: 1.6.401.81 - Secomba GmbH) CCleaner (Version: 4.04 - Piriform) CDBurnerXP (x32 Version: 4.5.2.4478 - CDBurnerXP) COMODO Internet Security Premium (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Easy File Share (x32 Version: 1.3.4 - Samsung Electronics CO.,LTD.) EPSON BX635FWD Series Printer Uninstall (Version: - SEIKO EPSON Corporation) EPSON Scan (x32 Version: - Seiko Epson Corporation) ETDWare X64 11.7.18.2_WHQL (Version: 11.7.18.2 - ELAN Microelectronic Corp.) 
ExpressCache (Version: 1.0.94 - Condusiv Technologies) Fast Flash Sleep Resume (x32 Version: 1.1.1 - Samsung) Hidden Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden HWiNFO64 Version 4.22 (Version: 4.22 - Martin Malík - REALiX) Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 10.18.10.3304 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.8.0.0548 - Intel Corporation) Hidden Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0249 - Intel Corporation) Hidden Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (x32 Version: 15.8.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0172 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle) JDownloader 2 (Version: 2.0 - AppWork GmbH) LUMIX Map Tool (x32 Version: 1.1.0 - Panasonic Corporation) LUMIX Map Tool (x32 Version: 1.1.0 - Panasonic Corporation) Hidden Microsoft Application Error Reporting 
(Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 
3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden PHOTOfunSTUDIO 9.1 PE (x32 Version: 9.01.709 - Panasonic Corporation) Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (x32 Version: 8.19.726.2013 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.7055 - 
Realtek Semiconductor Corp.) Recovery (x32 Version: 6.0.10.0 - Samsung Electronics CO., LTD.) S Agent (Version: 1.1.46 - Samsung Electronics CO., LTD.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Settings (x32 Version: 2.0.0 - Samsung Electronics CO., LTD.) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Support Center (Version: 2.1.1204 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.13 - Samsung Electronics CO., LTD.) Hidden SW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) VirtualCloneDrive (x32 Version: - Elaborate Bytes) VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN) Windows Driver Package - Samsung Electronics Co. Ltd. 
(RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.) Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 06-01-2014 22:23:47 Geplanter Prüfpunkt 15-01-2014 03:25:35 Geplanter Prüfpunkt 22-01-2014 09:55:07 Windows Update ==================== Hosts content: ========================== 2013-09-12 12:29 - 2013-09-12 12:29 - 00000896 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {07E0F7F9-A82A-41A9-8EDB-8834E2AAEA8C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - 
System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0BD1A906-8C04-4ADD-9115-B0CF701D0E0C} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION Task: {0C8EC26F-F063-4C0C-BF59-42E6F04BCBAD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {13118317-AF37-4BBB-81BB-4CAEE130CB55} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {14A74713-03E2-496E-9D6F-F7F5C88D5544} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-11-11] (COMODO) Task: {1920FDC0-CF91-4CE7-9609-543AFC5D62EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-18] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2B2AFE9F-B543-4A64-8DE4-43A83CF76A6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.) Task: {2B546E67-C6F2-47A7-B696-7445612DE6D6} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {3189D7F4-1D97-4657-8A42-7820CFA32782} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-31] (Samsung Electronics CO., LTD.) 
Task: {3527B788-7014-4B60-9AB7-0401481B0FAC} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {87FE547A-B835-45AE-A331-2F10B22F9D33} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {91D4353E-04B0-4DBC-9B72-170335F0A6CA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - 
System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {C221C824-C354-49BE-8A8B-4E5C70E9603F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {C3A70C81-6177-46B6-87A6-EB434244EF56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.) Task: {CD2A0E64-EC07-47EC-A699-16BD52FAB915} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DFF6E927-2B25-405F-BD5D-E52006418053} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-08-22] (Samsung) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E83E970D-0AB9-41C8-8D17-4B73E1EA4DFD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel) Task: {ED1807BA-E5D6-47B2-B138-012E62C34E7B} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO) Task: {F8FEFC20-B998-4297-B33A-772E0B863885} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-10-31 15:44 - 2013-10-31 15:44 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2013-11-16 16:53 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Alexander Ley\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller 
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3797.53 MB
Available physical RAM: 2545.07 MB
Total Pagefile: 4821.53 MB
Available Pagefile: 2599.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.87 GB) (Free:294.92 GB) NTFS
Drive d: () (Removable) (Total:14.94 GB) (Free:14.73 GB) FAT32
Drive x: (Boxcryptor Classic) (Fixed) (Total:439.87 GB) (Free:294.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3FE702B4)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 22 GB) (Disk ID: DE1B40E7)
Partition: GPT Partition Type
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 03D6B7AD)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

I have edited the post above. Thanks for the effort. I already came to appreciate it some time ago.

I also ran the malware software on the laptop. In my opinion, the same files were flagged there. How can that be?

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.22.09

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Alexander Ley :: SAMSUNGNOTEBOOK [Administrator]

22.01.2014 20:10:10
mbam-log-2014-01-22 (20-10-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209797
Laufzeit: 28 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Edited by der_aaaaalex (22.01.2014 at 18:39) |