Pests of all kinds and their removal: BSI scan positive (Windows 7)
22.01.2014, 17:44 | #1
BSI scan positive

Hello, one of my e-mail addresses was also found to have been hacked. I already found a thread about this here and did not want to post in it. Can I proceed the same way? Scan with ComboFix and FRST (I still need to look up what that is). Yesterday, on suspicion and without waiting for the reply from that security check, I ran Malwarebytes Anti-Malware and it found something. I deleted that without paying much attention. (just found the log)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.21.05

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Alexander :: ALEXANDER [Administrator]

21.01.2014 18:19:00
mbam-log-2014-01-21 (18-19-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207128
Laufzeit: 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I do use the "affected" e-mail address fairly often, but everywhere it is used there is a different, very long password. Is "only" the e-mail account affected now, or more? I use KeyPass as my password manager. I'm asking for help.

Thanks and regards, Alex

Last edited by der_aaaaalex on 22.01.2014 at 17:52
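The Malwarebytes log quoted above has a simple line-oriented shape: a header of `Key: value` lines, then one `Infizierte <category>: N` line per category followed by N detection lines of the form `<item> (<threat>) -> [Daten: <value> ->] <action>.` The parser below is an added example, not code from this thread or from Malwarebytes; it reads that format, checks that each section really lists as many items as it declares, and reports any detection whose logged action is not the quarantine outcome. The embedded sample is a trimmed copy of the log above with its line breaks restored (constructed here for the example).

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log and check its detections.

Added example for this thread; it is not code from the forum or from
Malwarebytes. The line format is inferred from the log quoted in the post
above (German locale): a header of "Key: value" lines, then per category an
"Infizierte <Kategorie>: N" line followed by N detection lines shaped
    <item> (<threat>) -> [Daten: <value> -> ]<action>.
SAMPLE_LOG is a trimmed copy of that log with its line breaks restored
(constructed here for the example).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = """Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.21.05

Windows 8 x64 NTFS

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 207128
Laufzeit: 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\\Software\\InstallCore\\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\\SOFTWARE\\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\\Software\\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
"""

# "Infizierte Registrierungsschlüssel: 2" -> category name and declared count
SECTION_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "<item> (<threat>) -> Daten: <value> -> <action>."  (the Daten part is optional)
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\)"
    r"(?: -> Daten: (?P<data>.+?))?"
    r" -> (?P<action>.+?)\.?$"
)


@dataclass
class Detection:
    section: str                # category header the line appeared under
    item: str                   # registry key/value or file path
    threat: str                 # detection name, e.g. PUP.Optional.InstallCore.A
    action: str                 # what the scanner did with it
    data: Optional[str] = None  # value data for registry values, if logged


@dataclass
class ScanSummary:
    header: Dict[str, str] = field(default_factory=dict)
    declared: Dict[str, int] = field(default_factory=dict)  # section -> claimed count
    detections: List[Detection] = field(default_factory=list)

    def counts_consistent(self) -> bool:
        """True when every section lists exactly as many items as it declares."""
        found: Dict[str, int] = {}
        for d in self.detections:
            found[d.section] = found.get(d.section, 0) + 1
        return all(found.get(sec, 0) == n for sec, n in self.declared.items())

    def not_remediated(self) -> List[Detection]:
        """Detections whose logged action is not the quarantine outcome."""
        return [d for d in self.detections if "Quarantäne" not in d.action]


def parse_mbam_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(Ende)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            summary.declared[section] = int(m.group(2))
            continue
        if section is None:
            # Still in the header: keep "Key: value" lines, skip the rest.
            key, sep, value = line.partition(": ")
            if sep:
                summary.header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:  # "(Keine bösartigen Objekte gefunden)" does not match and is skipped
            summary.detections.append(Detection(
                section=section, item=m["item"], threat=m["threat"],
                action=m["action"], data=m["data"]))
    return summary


if __name__ == "__main__":
    s = parse_mbam_log(SAMPLE_LOG)
    print(f"{s.header.get('Art des Suchlaufs')}: {len(s.detections)} detection(s), "
          f"counts consistent: {s.counts_consistent()}")
    for d in s.detections:
        print(f"  [{d.threat}] {d.item} -> {d.action}")
    for d in s.not_remediated():
        print(f"  NOT remediated: {d.item}")
```

On the log above this yields three detections, all `PUP.Optional.InstallCore.A` registry entries under `HKCU\Software\InstallCore`, all with the quarantine action, and the declared counts (2 keys, 1 value) match the listed lines. The consistency check is the useful part when a log has been trimmed or hand-copied: a section that declares more items than it lists is a sign that lines were lost before anyone read them.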
22.01.2014, 18:01 | #2
/// TB-Ausbilder | BSI scan positive

Hello,

please run an FRST scan: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
22.01.2014, 18:07 | #3
BSI scan positive

Thanks for the quick reply:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 01
Ran by Alexander (administrator) on ALEXANDER on 22-01-2014 18:04:01
Running from C:\Users\alexa_000\Desktop
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AMD) C:\Windows\System32\atieclxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(2BrightSparks Pte Ltd) C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
(CMedia) C:\Program Files\UNi Xonar Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Users\alexa_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] - C:\Windows\Syswow64\cmicnfgp.dll [7946240 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [BoxcryptorClassic.exe] - C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2240256 2013-10-14] (Secomba GmbH)
HKCU\...\Run: [AdobeBridge] - [x]
Startup: C:\Users\alexa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\alexa_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\alexa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
SSODL: EldosMountNotificator-cbfs4 - {7942C150-F9C8-4D35-A4EF-15918FD44A50} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {7942C150-F9C8-4D35-A4EF-15918FD44A50} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\alexa_000\AppData\Roaming\Mozilla\Firefox\Profiles\4148eay7.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\alexa_000\AppData\Roaming\Mozilla\Firefox\Profiles\4148eay7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Google Drive) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-19]
CHR Extension: (YouTube) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-19]
CHR Extension: (Google-Suche) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-19]
CHR Extension: (Tampermonkey) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-01-21]
CHR Extension: (Google Kalender) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-09-19]
CHR Extension: (Facebook Disconnect) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-09-19]
CHR Extension: (AdBlock) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-19]
CHR Extension: (Google Maps) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Marc Ecko) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\alexa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-19]

==================== Services (Whitelisted) =================

U2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
U3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-10-15] (Futuremark)
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
U2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
U2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-13] ()
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [386752 2013-08-30] (EldoS Corporation)
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [715824 2013-11-14] (COMODO)
U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [38072 2013-09-24] (COMODO)
U3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
U1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-01-16] (REALiX(tm))
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-09-24] (COMODO)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation)
U3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U3 Spyder4; C:\Windows\System32\drivers\dccmtr.sys [15360 2011-06-02] (Datacolor)
U3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
U3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [x]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 18:04 - 2014-01-22 18:04 - 00016715 _____ C:\Users\alexa_000\Desktop\FRST.txt
2014-01-22 18:03 - 2014-01-22 18:03 - 00000000 ____D C:\FRST
2014-01-22 18:00 - 2014-01-22 18:00 - 05173757 _____ (Swearware) C:\Users\alexa_000\Desktop\ComboFix.exe
2014-01-22 18:00 - 2014-01-22 17:58 - 02077184 _____ (Farbar) C:\Users\alexa_000\Desktop\FRST64.exe
2014-01-21 18:30 - 2014-01-21 18:30 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-21 18:17 - 2014-01-21 18:17 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Malwarebytes
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 18:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-20 10:45 - 2014-01-20 10:45 - 00001556 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-20 10:45 - 2014-01-20 10:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-20 10:45 - 2014-01-20 10:45 - 00000000 ____D C:\Program Files\iTunes
2014-01-20 10:45 - 2014-01-20 10:45 - 00000000 ____D C:\Program Files\iPod
2014-01-20 10:44 - 2014-01-20 10:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-16 18:06 - 2014-01-22 17:47 - 00232725 _____ C:\Windows\WindowsUpdate.log
2014-01-16 15:58 - 2014-01-16 15:58 - 00031648 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-01-16 15:58 - 2014-01-16 15:58 - 00000000 ____D C:\Program Files\HWiNFO64
2014-01-15 16:52 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-01-15 16:52 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2014-01-15 16:52 - 2013-11-27 11:34 - 00138240 _____ C:\Windows\system32\OEMLicense.dll
2014-01-15 16:52 - 2013-11-27 10:54 - 00103936 _____ C:\Windows\SysWOW64\OEMLicense.dll
2014-01-15 16:52 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 16:52 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-01-15 16:52 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 16:52 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-01-15 16:52 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 16:52 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 11:56 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-01-13 13:37 - 2014-01-13 13:37 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Mozilla
2014-01-13 13:37 - 2014-01-13 13:37 - 00000000 ____D C:\Users\alexa_000\AppData\Local\Mozilla
2014-01-12 12:15 - 2014-01-12 12:15 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2014-01-12 12:15 - 2014-01-12 12:15 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\2BrightSparks
2014-01-09 16:52 - 2013-11-22 15:42 - 02587136 _____ C:\Users\alexa_000\Documents\testx64.exe
2014-01-08 15:23 - 2014-01-08 15:23 - 00000000 ____D C:\Users\alexa_000\Documents\Assassin's Creed IV Black Flag
2014-01-08 15:23 - 2014-01-08 15:23 - 00000000 ____D C:\ProgramData\Steam
2014-01-08 15:23 - 2014-01-08 15:23 - 00000000 ____D C:\ProgramData\Orbit
2014-01-08 15:04 - 2014-01-08 15:04 - 00001178 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-08 15:04 - 2014-01-08 15:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-08 13:10 - 2014-01-08 13:11 - 00000878 _____ C:\Users\alexa_000\Desktop\JDownloader 2.lnk
2014-01-08 13:10 - 2014-01-08 13:11 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-01-07 22:18 - 2014-01-07 22:45 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Skype
2014-01-07 22:18 - 2014-01-07 22:45 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 22:16 - 2014-01-09 14:34 - 00000000 ____D C:\Users\alexa_000\Tracing
2014-01-07 22:15 - 2014-01-07 22:52 - 00000000 ____D C:\Users\alexa_000\AppData\Local\Windows Live
2014-01-07 22:01 - 2014-01-07 22:01 - 00000000 __RHD C:\Users\alexa_000\AppData\Roaming\SecuROM
2014-01-07 21:51 - 2005-12-05 18:07 - 00081616 _____ (Microsoft Corporation) C:\Windows\system32\SETE016.tmp
2014-01-07 21:51 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SETDFC8.tmp

==================== One Month Modified Files and Folders =======

2014-01-22 18:04 - 2014-01-22 18:04 - 00016715 _____ C:\Users\alexa_000\Desktop\FRST.txt
2014-01-22 18:03 - 2014-01-22 18:03 - 00000000 ____D C:\FRST
2014-01-22 18:01 - 2013-09-19 11:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1987883627-932630610-2057428837-1001
2014-01-22 18:00 - 2014-01-22 18:00 - 05173757 _____ (Swearware) C:\Users\alexa_000\Desktop\ComboFix.exe
2014-01-22 18:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2014-01-22 17:58 - 2014-01-22 18:00 - 02077184 _____ (Farbar) C:\Users\alexa_000\Desktop\FRST64.exe
2014-01-22 17:58 - 2013-09-19 13:43 - 00000000 ____D C:\Users\alexa_000\Documents\Outlook-Dateien
2014-01-22 17:57 - 2013-09-19 13:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-22 17:55 - 2013-09-19 12:57 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Dropbox
2014-01-22 17:47 - 2014-01-16 18:06 - 00232725 _____ C:\Windows\WindowsUpdate.log
2014-01-22 17:27 - 2013-09-26 19:45 - 00003032 _____ C:\Windows\System32\Tasks\MSIAfterburner
2014-01-22 17:27 - 2013-09-19 12:02 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 12:17 - 2013-09-19 12:02 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 19:13 - 2013-09-19 11:46 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 19:13 - 2013-08-23 00:24 - 00765378 _____ C:\Windows\system32\perfh007.dat
2014-01-21 19:13 - 2013-08-23 00:24 - 00159696 _____ C:\Windows\system32\perfc007.dat
2014-01-21 18:30 - 2014-01-21 18:30 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-21 18:25 - 2013-12-12 12:04 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-21 18:25 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 18:17 - 2014-01-21 18:17 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Malwarebytes
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 18:17 - 2014-01-21 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-20 14:06 - 2013-09-19 13:35 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\vlc
2014-01-20 13:05 - 2013-09-19 12:19 - 00000000 ____D C:\Users\alexa_000\Desktop\Spiele
2014-01-20 10:45 - 2014-01-20 10:45 - 00001556 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-20 10:45 - 2014-01-20 10:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-20 10:45 - 2014-01-20 10:45 - 00000000 ____D C:\Program Files\iTunes
2014-01-20 10:45 - 2014-01-20 10:45 - 00000000 ____D C:\Program Files\iPod
2014-01-20 10:44 - 2014-01-20 10:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-19 18:34 - 2013-09-19 13:04 - 00000000 ____D C:\ProgramData\Adobe
2014-01-17 15:44 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2014-01-17 12:31 - 2013-09-19 12:58 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 12:31 - 2013-09-19 11:45 - 00000000 ___RD C:\Users\alexa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 17:12 - 2013-09-19 11:45 - 00000000 ____D C:\Users\alexa_000
2014-01-16 17:07 - 2013-09-19 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-16 16:16 - 2013-09-19 12:19 - 00000000 ____D C:\Users\alexa_000\Desktop\Benchmark
2014-01-16 15:58 - 2014-01-16 15:58 - 00031648 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-01-16 15:58 - 2014-01-16 15:58 - 00000000 ____D C:\Program Files\HWiNFO64
2014-01-16 15:06 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\tracing
2014-01-16 13:17 - 2013-09-24 07:47 - 00000000 ____D C:\Windows\Minidump
2014-01-15 17:37 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-15 12:07 - 2013-11-14 09:57 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 12:06 - 2013-11-14 09:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 18:01 - 2013-09-19 13:04 - 00000000 ____D C:\Users\alexa_000\AppData\Local\Adobe
2014-01-13 13:37 - 2014-01-13 13:37 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Mozilla
2014-01-13 13:37 - 2014-01-13 13:37 - 00000000 ____D C:\Users\alexa_000\AppData\Local\Mozilla
2014-01-12 12:15 - 2014-01-12 12:15 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2014-01-12 12:15 - 2014-01-12 12:15 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\2BrightSparks
2014-01-12 12:15 - 2013-09-19 12:17 - 00000000 ____D C:\Users\alexa_000\AppData\Local\2BrightSparks
2014-01-11 13:56 - 2013-08-22 15:44 - 05110648 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-09 15:45 - 2013-09-19 11:45 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Adobe
2014-01-09 14:34 - 2014-01-07 22:16 - 00000000 ____D C:\Users\alexa_000\Tracing
2014-01-09 09:52 - 2013-11-18 16:10 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\TeamViewer
2014-01-08 15:23 - 2014-01-08 15:23 - 00000000 ____D C:\Users\alexa_000\Documents\Assassin's Creed IV Black Flag
2014-01-08 15:23 - 2014-01-08 15:23 - 00000000 ____D C:\ProgramData\Steam
2014-01-08 15:23 - 2014-01-08 15:23 - 00000000 ____D C:\ProgramData\Orbit
2014-01-08 15:04 - 2014-01-08 15:04 - 00001178 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-08 15:04 - 2014-01-08 15:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-08 13:11 - 2014-01-08 13:10 - 00000878 _____ C:\Users\alexa_000\Desktop\JDownloader 2.lnk
2014-01-08 13:11 - 2014-01-08 13:10 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-01-07 22:52 - 2014-01-07 22:15 - 00000000 ____D C:\Users\alexa_000\AppData\Local\Windows Live
2014-01-07 22:52 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-07 22:47 - 2013-09-19 12:48 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-07 22:47 - 2013-09-19 12:47 - 00000000 ____D C:\Program Files\CCleaner
2014-01-07 22:45 - 2014-01-07 22:18 - 00000000 ____D C:\Users\alexa_000\AppData\Roaming\Skype
2014-01-07 22:45 - 2014-01-07 22:18 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 22:45 - 2013-09-19 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-07 22:45 - 2013-09-19 12:33 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-07 22:01 - 2014-01-07 22:01 - 00000000 __RHD C:\Users\alexa_000\AppData\Roaming\SecuROM
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-05 14:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness

Some content of TEMP:
====================
C:\Users\alexa_000\AppData\Local\Temp\vlc-2.1.2-win64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-20 10:31

==================== End Of Log ============================
--- --- ---

Addition

FRST Additions Logfile:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014 01
Ran by Alexander at 2014-01-22 18:04:31
Running from C:\Users\alexa_000\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1 - Adobe)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31129 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1129.1143.20969 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Königsedition (x32 Version: 3.10.0000 - Ubisoft)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASRock RapidStart v1.0.6 (Version: - ASRock Inc.)
Assassin’s Creed IV Black Flag (x32 Version: Assassin’s Creed IV Black Flag - )
Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Boxcryptor Classic 1.6 (x32 Version: 1.6.401.81 - Secomba GmbH)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.09 - Piriform)
COMODO Internet Security Premium (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.68 (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Druckerdeinstallation für EPSON BX635FWD Series (Version: - SEIKO EPSON Corporation)
EPSON Scan (x32 Version: - Seiko Epson Corporation)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
FRAFS Bench Viewer Version 0.2.8.9 (x32 Version: 0.2.8.9 - raffriff42)
Fraps (x32 Version: - )
Futuremark SystemInfo (x32 Version: 4.22.211 - Futuremark)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HWiNFO64 Version 4.30 (Version: 4.30 - Martin Malík - REALiX)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36943 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.7.0.1013 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
JDownloader 2 (Version: 2.0 - AppWork GmbH) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.50 (Version: 8.50.281 - Logitech Inc.) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden 
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 
(Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden MOBackup - Datensicherung für Outlook (Vollversion) (x32 Version: 6.90 - Heiko Schröder) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) MSI Afterburner 3.0.0 Beta 17 (x32 Version: 3.0.0 Beta 17 - MSI Co., LTD) MSI Kombustor 2.5.2 (x32 Version: - MSI Co., LTD) MSXML 4.0 SP3 Parser (x32 Version: 
4.30.2100.0 - Microsoft Corporation) Nero 2014 (x32 Version: 15.0.02100 - Nero AG) Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.0.20031 - Nero AG) Hidden Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Burning Core (x32 Version: 15.0.19000 - Nero AG) Hidden Nero Burning ROM (x32 Version: 15.0.19000 - Nero AG) Hidden Nero Burning ROM 2014 (x32 Version: 15.0.01300 - Nero AG) Nero Burning ROM Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.22500 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden Nero Effects Basic (x32 Version: 15.0.10010 - Nero AG) Hidden Nero Express (x32 Version: 15.0.19000 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero Info (x32 Version: 15.1.0023 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Launcher (x32 Version: 15.0.8000 - Nero AG) Hidden Nero MediaHome Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden OpenAL (x32 Version: - ) Origin (x32 Version: 9.3.6.4643 - Electronic Arts, Inc.) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.) 
QPST 2.7 (x32 Version: 2.7.378 - Qualcomm) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek) Samsung Magician (x32 Version: 4.3.0 - Samsung Electronics) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Spyder4Pro (x32 Version: - ) SyncBackFree (x32 Version: 6.5.22.0 - 2BrightSparks) TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer) UNi Xonar Audio Driver (Version: - ) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) VirtualCloneDrive (x32 Version: 5.4.7.0 - Elaborate Bytes) VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN) WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH) 
==================== Restore Points ========================= 07-01-2014 19:46:25 Installiert Rockstar Games Social Club 09-01-2014 14:45:37 Removed Adobe Acrobat XI Pro. 11-01-2014 12:46:56 Installed Adobe Acrobat XI Pro. 15-01-2014 11:06:32 Windows Update 16-01-2014 16:06:53 Entfernt 3DMark 22-01-2014 16:55:28 Removed Adobe Acrobat XI Pro. ==================== Hosts content: ========================== 2013-08-22 14:25 - 2014-01-11 13:43 - 00002172 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {01BA9253-891D-4F73-A243-52058EEBEFEA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {05A12793-8A61-4F4C-9EC9-9D153FCF8AB6} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {09B4A4DA-CEC0-4912-BAB4-C906227FD979} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.) 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {10C99443-56B8-4717-A9F2-5A9AD562312C} - System32\Tasks\2BrightSparks\SyncBackFree\Alexander-Alexander\SyncBackFree Werther Brücke d zu x => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2014-01-07] (2BrightSparks Pte Ltd) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4D4A4A70-69FD-40C3-8E0B-6880E166E4EC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {5196B6B2-F6A1-4951-B596-4C233A1E946E} - System32\Tasks\2BrightSparks\SyncBackFree\Alexander-Alexander\SyncBackFree Arztunterlagen d zu x => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2014-01-07] (2BrightSparks Pte Ltd) Task: {61E255EE-9FC1-4FF2-A707-A6D7EF3C9A19} - System32\Tasks\2BrightSparks\SyncBackFree\Alexander-Alexander\SyncBackFree => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2014-01-07] (2BrightSparks Pte Ltd) Task: {6A877092-EFEA-4B14-B10E-820128B3F913} - System32\Tasks\2BrightSparks\SyncBackFree\Alexander-Alexander\SyncBackFree 
Textdokuemente d zu x => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2014-01-07] (2BrightSparks Pte Ltd) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6AD4CF66-F06D-4E93-87E0-A65DDC227C6B} - System32\Tasks\2BrightSparks\SyncBackFree\Alexander-Alexander\SyncBackFree Dropbox => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2014-01-07] (2BrightSparks Pte Ltd) Task: {6B41B6EB-A3B0-425B-B8D0-9D000DD44FC0} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7FC3DF67-439D-4DD6-8950-04220CB75DE0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-01-15] (Microsoft Corporation) Task: {84BB6BA6-773E-4828-9496-B98300048C9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.) 
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {88C7E2D2-C2E0-4EDF-8AB7-D6E0668E6385} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {893526F1-37AB-4E3D-9E99-22E710514263} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-11-11] (COMODO) Task: {8978885C-92FE-4BAA-B731-FD2482E5E908} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {8BFE3E7F-A588-4D2A-9059-27AE6B878833} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {900FDCA9-48AB-4ED4-9D5C-CC0A104A2166} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-11-14] () Task: {93E21EF9-D673-4FCA-8E84-462B90EFB3D8} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D3C7E019-3A90-416A-BAA6-ABAA21DCBD29} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - 
System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EECEA123-3FA9-4BF3-A274-8A2663D5CDCC} - System32\Tasks\2BrightSparks\SyncBackFree\Alexander-Alexander\SyncBackFree Uni Wuppertal d zu x => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2014-01-07] (2BrightSparks Pte Ltd) Task: {F00C7B15-7890-45AC-B5D2-AA0311ADD12A} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {F240DE88-97D3-434E-BF82-2E3E4D19481E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. 
==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 8148.36 MB Available physical RAM: 6054.02 MB Total Pagefile: 16340.36 MB Available Pagefile: 13853 MB Total Virtual: 131072 MB Available Virtual: 131071.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:103.45 GB) (Free:55.16 GB) NTFS Drive d: (Volume) (Fixed) (Total:829.53 GB) (Free:603.12 GB) NTFS Drive e: (Daten) (Fixed) (Total:101.76 GB) (Free:98.49 GB) NTFS Drive f: (Spiele) (Fixed) (Total:59.62 GB) (Free:12.5 GB) NTFS Drive x: (Boxcryptor Classic) (Fixed) (Total:829.53 GB) (Free:603.12 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 79DF4D48) Partition 1: (Not Active) - (Size=60 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 5C299875) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=103 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=8 GB) - (Type=84) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 423C55AE) Partition: GPT Partition Type ==================== End Of Log ============================
The Comodo Firewall was running in the meantime. It complained briefly once about the tool. Question: I also use this e-mail address on a laptop. I would have to do the same there, right? Last edited by der_aaaaalex (22.01.2014 at 18:12) |
22.01.2014, 18:26 | #4 |
/// TB-Ausbilder | BSI scan positive This computer does not look infected. Do the same on the laptop as well.
__________________ cheers, Leo |
22.01.2014, 20:42 | #5 |
| BSI scan positive I will do it right away and then post here again. Thanks so far. Apart from a new password for my "spam" e-mail address, is there anything else I should pay attention to? Here are the laptop's log files: FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 01 Ran by Alexander Ley (administrator) on SAMSUNGNOTEBOOK on 22-01-2014 18:30:01 Running from C:\Users\Alexander Ley\Desktop Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (1&1 Internet AG) C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Dropbox, Inc.) C:\Users\Alexander Ley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) \\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [BoxcryptorClassic.exe] - C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2240256 2013-10-14] (Secomba GmbH)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
Startup: C:\Users\Alexander Ley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander Ley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator-cbfs4 - {3B9BAC01-6257-41BC-8216-7E4419F0E0DB} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {3B9BAC01-6257-41BC-8216-7E4419F0E0DB} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = 
SearchScopes: HKCU - {F0C54B2B-EAF8-4F93-9B1E-72BAE7D573B1} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E59035AC-8252-40D3-9139-2673440D5F77}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Alexander Ley\AppData\Roaming\Mozilla\Firefox\Profiles\ny9qulup.default
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-12]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-16]
CHR Extension: (Google Drive) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (YouTube) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-16]
CHR Extension: (Google-Suche) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-16]
CHR Extension: (Tampermonkey) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-10-24]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-09-12]
CHR Extension: (Google Kalender) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-08-16]
CHR Extension: (Facebook Disconnect) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-08-16]
CHR Extension: (Super Mario Flash 1 Spiel) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfifaioninnhmakfheicigjingihhif [2013-08-26]
CHR Extension: (AdBlock) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-16]
CHR Extension: (Google Maps) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-08-16]
CHR Extension: (Google Wallet) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Marc Ecko) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2013-08-16]
CHR Extension: (Google Mail) - C:\Users\Alexander Ley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]

==================== Services (Whitelisted) =================

U2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
U2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
U2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
U2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
U2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
U2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
U2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
U2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
U3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
U1 cbfs4; C:\windows\system32\drivers\cbfs4.sys [386752 2013-08-30] (EldoS Corporation)
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [715824 2013-11-14] (COMODO)
U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [38072 2013-09-24] (COMODO)
U1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
U0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
U3 FTDIBUS; C:\Windows\system32\drivers\opcomusb.sys [69320 2013-08-21] (FTDI Ltd.)
U1 HWiNFO32; C:\windows\system32\drivers\HWiNFO64A.SYS [31136 2013-08-16] (REALiX(tm))
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-09-24] (COMODO)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
U3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-12-24] (Windows (R) 2003 DDK 3790 provider)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U2 SGDrv; C:\Windows\System32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
U3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-07-03] (EldoS Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-22 18:30 - 2014-01-22 18:30 - 00021756 _____ C:\Users\Alexander Ley\Desktop\FRST.txt
2014-01-22 18:29 - 2014-01-22 18:29 - 00000000 ____D C:\FRST
2014-01-22 18:29 - 2014-01-22 17:58 - 02077184 _____ (Farbar) C:\Users\Alexander Ley\Desktop\FRST64.exe
2014-01-22 00:15 - 2014-01-22 00:15 - 00000000 ___SH C:\DkHyperbootSync
2014-01-15 23:28 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 23:28 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 23:28 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 23:28 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 23:28 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 23:28 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:28 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 23:28 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 23:28 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 23:28 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 23:28 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 21:56 - 2014-01-15 22:01 - 00000156 _____ C:\Users\Alexander Ley\.jameica.properties
2014-01-15 21:55 - 2014-01-15 21:55 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 21:55 - 2014-01-15 21:54 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-15 21:55 - 2014-01-15 21:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-15 21:55 - 2014-01-15 21:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-15 21:55 - 2014-01-15 21:54 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-01-15 21:54 - 2014-01-15 21:54 - 00000000 ____D C:\Program Files\Java
2014-01-11 22:17 - 2014-01-11 22:17 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\ProgramData\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Program Files (x86)\1&1
2014-01-11 22:16 - 2011-11-21 11:52 - 00199752 _____ (1&1 Internet AG) C:\WINDOWS\system32\Drivers\ui11rdr.SYS
2014-01-11 22:16 - 2011-11-21 11:52 - 00011776 _____ (1&1 Internet AG) C:\WINDOWS\system32\ui11np.dll
2014-01-11 22:16 - 2011-11-21 11:52 - 00007680 _____ (1&1 Internet AG) C:\WINDOWS\SysWOW64\ui11np.dll
2014-01-11 21:57 - 2014-01-11 21:59 - 1676918041 _____ C:\Users\Alexander Ley\Downloads\GT-I9505-Factory-Firmware-Full-Wipe-DBT.zip
2013-12-30 19:46 - 2013-12-30 19:48 - 486277120 _____ C:\Users\Alexander Ley\Documents\lumix.iso
2013-12-30 19:40 - 2013-12-30 19:40 - 00001961 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-12-30 19:18 - 2013-12-30 19:18 - 00000000 ____D C:\ProgramData\Panasonic
2013-12-30 19:17 - 2013-12-30 19:20 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\Panasonic
2013-12-30 19:16 - 2013-12-30 19:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\InstallShield
2013-12-30 19:16 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICSDK2.dll
2013-12-30 19:16 - 2007-06-22 00:10 - 00000097 _____ C:\WINDOWS\SysWOW64\PICSDK.ini
2013-12-30 19:16 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EpPicPrt.dll
2013-12-30 19:16 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EPPicMgr.dll
2013-12-30 19:16 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICEntry.dll
2013-12-30 19:16 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICSDK.dll
2013-12-30 19:16 - 2005-06-01 00:20 - 00111932 _____ C:\WINDOWS\SysWOW64\EPPICPrinterDB.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00031053 _____ C:\WINDOWS\SysWOW64\EPPICPattern131.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00027417 _____ C:\WINDOWS\SysWOW64\EPPICPattern121.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00026154 _____ C:\WINDOWS\SysWOW64\EPPICPattern1.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00024903 _____ C:\WINDOWS\SysWOW64\EPPICPattern3.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00021390 _____ C:\WINDOWS\SysWOW64\EPPICPattern5.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00020148 _____ C:\WINDOWS\SysWOW64\EPPICPattern2.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00013732 _____ C:\WINDOWS\SysWOW64\EPPICLocal_EN.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00011811 _____ C:\WINDOWS\SysWOW64\EPPICPattern4.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00006442 _____ C:\WINDOWS\SysWOW64\EPPICLocal_IT.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006347 _____ C:\WINDOWS\SysWOW64\EPPICLocal_PT.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006347 _____ C:\WINDOWS\SysWOW64\EPPICLocal_BP.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006335 _____ C:\WINDOWS\SysWOW64\EPPICLocal_GE.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006195 _____ C:\WINDOWS\SysWOW64\EPPICLocal_FR.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006195 _____ C:\WINDOWS\SysWOW64\EPPICLocal_CF.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006122 _____ C:\WINDOWS\SysWOW64\EPPICLocal_DU.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00006103 _____ C:\WINDOWS\SysWOW64\EPPICLocal_ES.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00005817 _____ C:\WINDOWS\SysWOW64\EPPICLocal_KO.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00005436 _____ C:\WINDOWS\SysWOW64\EPPICLocal_SC.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00004943 _____ C:\WINDOWS\SysWOW64\EPPICPattern6.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00002889 _____ C:\WINDOWS\SysWOW64\EPPICLocal_RU.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00002426 _____ C:\WINDOWS\SysWOW64\EPPICLocal_TC.cfg
2013-12-30 19:16 - 2004-03-03 06:10 - 00001146 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_DU.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001139 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_PT.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001139 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_BP.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001136 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_ES.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001129 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_FR.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001129 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_CF.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001120 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_IT.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001107 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_GE.dat
2013-12-30 19:16 - 2004-03-03 06:10 - 00001104 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_EN.dat
2013-12-30 19:14 - 2013-12-30 19:14 - 00002222 _____ C:\Users\Public\Desktop\PHOTOfunSTUDIO 9.1 PE.lnk
2013-12-30 19:14 - 2011-10-04 16:29 - 00055952 ____N (Rovi Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2013-12-30 19:14 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2013-12-30 19:14 - 2011-10-04 16:29 - 00010224 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-30 19:11 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-12-30 19:11 - 2013-12-30 19:11 - 00001930 _____ C:\Users\Public\Desktop\LUMIX Map Tool.lnk
2013-12-30 15:29 - 2011-04-11 19:55 - 00007680 _____ (Phoenix Technologies Ltd.) C:\WINDOWS\system32\Drivers\SGDrv64.sys

==================== One Month Modified Files and Folders =======

2014-01-22 18:30 - 2014-01-22 18:30 - 00021756 _____ C:\Users\Alexander Ley\Desktop\FRST.txt
2014-01-22 18:29 - 2014-01-22 18:29 - 00000000 ____D C:\FRST
2014-01-22 18:28 - 2013-10-18 07:37 - 01085764 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-22 18:28 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-22 17:58 - 2014-01-22 18:29 - 02077184 _____ (Farbar) C:\Users\Alexander Ley\Desktop\FRST64.exe
2014-01-22 11:20 - 2013-08-16 14:13 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2014-01-22 10:32 - 2013-08-16 20:25 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Dropbox
2014-01-22 10:27 - 2013-08-16 23:02 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\vlc
2014-01-22 00:19 - 2012-10-23 05:18 - 00000000 ____D C:\ProgramData\WinClon
2014-01-22 00:18 - 2013-09-30 05:14 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-22 00:18 - 2013-09-30 04:56 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-22 00:18 - 2013-09-30 04:56 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-22 00:16 - 2013-08-16 20:28 - 00000000 ___RD C:\Users\Alexander Ley\Dropbox
2014-01-22 00:15 - 2014-01-22 00:15 - 00000000 ___SH C:\DkHyperbootSync
2014-01-19 19:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-19 00:33 - 2013-09-22 21:42 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\dvdcss
2014-01-19 00:06 - 2013-08-16 10:45 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2633699449-1107673460-929680308-1001
2014-01-18 23:47 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-18 23:04 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-18 00:41 - 2013-08-16 18:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 00:38 - 2013-08-16 18:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-17 20:53 - 2013-10-20 11:32 - 00014492 _____ C:\WINDOWS\setupact.log
2014-01-17 20:35 - 2013-08-17 13:12 - 00000000 ____D C:\Users\Alexander Ley\Documents\Outlook-Dateien
2014-01-15 22:11 - 2013-10-18 07:20 - 00000000 ____D C:\Users\Alexander Ley
2014-01-15 22:01 - 2014-01-15 21:56 - 00000156 _____ C:\Users\Alexander Ley\.jameica.properties
2014-01-15 21:55 - 2014-01-15 21:55 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 21:54 - 2014-01-15 21:55 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-15 21:54 - 2014-01-15 21:55 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-15 21:54 - 2014-01-15 21:55 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-15 21:54 - 2014-01-15 21:55 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-01-15 21:54 - 2014-01-15 21:54 - 00000000 ____D C:\Program Files\Java
2014-01-11 22:19 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-11 22:17 - 2014-01-11 22:17 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\ProgramData\1&1
2014-01-11 22:16 - 2014-01-11 22:16 - 00000000 ____D C:\Program Files (x86)\1&1
2014-01-11 21:59 - 2014-01-11 21:57 - 1676918041 _____ C:\Users\Alexander Ley\Downloads\GT-I9505-Factory-Firmware-Full-Wipe-DBT.zip
2014-01-08 00:22 - 2013-08-16 10:39 - 00000000 ___RD C:\Users\Alexander Ley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 00:21 - 2013-08-16 20:27 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 11:09 - 2013-11-16 17:10 - 00004142 _____ C:\WINDOWS\PFRO.log
2014-01-06 11:09 - 2013-08-22 15:44 - 00412224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-01 23:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-30 19:48 - 2013-12-30 19:46 - 486277120 _____ C:\Users\Alexander Ley\Documents\lumix.iso
2013-12-30 19:40 - 2013-12-30 19:40 - 00001961 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-12-30 19:40 - 2013-12-30 19:40 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-12-30 19:20 - 2013-12-30 19:17 - 00000000 ____D C:\Users\Alexander Ley\AppData\Local\Panasonic
2013-12-30 19:18 - 2013-12-30 19:18 - 00000000 ____D C:\ProgramData\Panasonic
2013-12-30 19:16 - 2013-12-30 19:16 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\InstallShield
2013-12-30 19:14 - 2013-12-30 19:14 - 00002222 _____ C:\Users\Public\Desktop\PHOTOfunSTUDIO 9.1 PE.lnk
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-12-30 19:13 - 2013-12-30 19:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-30 19:13 - 2013-12-30 19:11 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-12-30 19:13 - 2012-10-23 05:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-30 19:13 - 2012-10-23 04:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-30 19:11 - 2013-12-30 19:11 - 00001930 _____ C:\Users\Public\Desktop\LUMIX Map Tool.lnk
2013-12-30 15:31 - 2012-10-23 04:18 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-30 15:29 - 2012-10-23 05:10 - 00000000 ____D C:\ProgramData\SAMSUNG
2013-12-24 11:53 - 2013-10-10 07:37 - 00000000 ____D C:\Users\Alexander Ley\AppData\Roaming\Skype
2013-12-24 11:09 - 2013-10-10 07:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-24 11:09 - 2013-10-10 07:37 - 00000000 ____D C:\ProgramData\Skype
2013-12-23 11:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 23:56

==================== End Of Log ============================

--- --- --- --- --- --- --- --- --- --- --- ---

Additional FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014 01
Ran by Alexander Ley at 2014-01-22 18:31:33
Running from C:\Users\Alexander Ley\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Disabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

1&1 Upload-Manager (x32 Version: 2.0.676 - 1&1 Internet AG)
Adobe Acrobat XI Pro (x32 Version: 11.0.05 - Adobe Systems)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
AllSharePlayLink (x32 Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Boxcryptor Classic 1.6 (x32 Version: 1.6.401.81 - Secomba GmbH)
CCleaner (Version: 4.04 - Piriform)
CDBurnerXP (x32 Version: 4.5.2.4478 - CDBurnerXP)
COMODO Internet Security Premium (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Easy File Share (x32 Version: 1.3.4 - Samsung Electronics CO.,LTD.)
EPSON BX635FWD Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EPSON Scan (x32 Version: - Seiko Epson Corporation)
ETDWare X64 11.7.18.2_WHQL (Version: 11.7.18.2 - ELAN Microelectronic Corp.)
ExpressCache (Version: 1.0.94 - Condusiv Technologies)
Fast Flash Sleep Resume (x32 Version: 1.1.1 - Samsung) Hidden
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HWiNFO64 Version 4.22 (Version: 4.22 - Martin Malík - REALiX)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.8.0.0548 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0249 - Intel Corporation) Hidden
Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 15.8.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0172 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle)
JDownloader 2 (Version: 2.0 - AppWork GmbH)
LUMIX Map Tool (x32 Version: 1.1.0 - Panasonic Corporation)
LUMIX Map Tool (x32 Version: 1.1.0 - Panasonic Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 9.1 PE (x32 Version: 9.01.709 - Panasonic Corporation)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
Recovery (x32 Version: 6.0.10.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.46 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Settings (x32 Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Support Center (Version: 2.1.1204 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.13 - Samsung Electronics CO., LTD.) Hidden
SW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VirtualCloneDrive (x32 Version: - Elaborate Bytes)
VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd.
(RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.) Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 06-01-2014 22:23:47 Geplanter Prüfpunkt 15-01-2014 03:25:35 Geplanter Prüfpunkt 22-01-2014 09:55:07 Windows Update ==================== Hosts content: ========================== 2013-09-12 12:29 - 2013-09-12 12:29 - 00000896 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {07E0F7F9-A82A-41A9-8EDB-8834E2AAEA8C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - 
System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0BD1A906-8C04-4ADD-9115-B0CF701D0E0C} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION Task: {0C8EC26F-F063-4C0C-BF59-42E6F04BCBAD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {13118317-AF37-4BBB-81BB-4CAEE130CB55} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {14A74713-03E2-496E-9D6F-F7F5C88D5544} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-11-11] (COMODO) Task: {1920FDC0-CF91-4CE7-9609-543AFC5D62EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-18] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2B2AFE9F-B543-4A64-8DE4-43A83CF76A6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.) Task: {2B546E67-C6F2-47A7-B696-7445612DE6D6} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {3189D7F4-1D97-4657-8A42-7820CFA32782} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-31] (Samsung Electronics CO., LTD.) 
Task: {3527B788-7014-4B60-9AB7-0401481B0FAC} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {87FE547A-B835-45AE-A331-2F10B22F9D33} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {91D4353E-04B0-4DBC-9B72-170335F0A6CA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - 
System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {C221C824-C354-49BE-8A8B-4E5C70E9603F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {C3A70C81-6177-46B6-87A6-EB434244EF56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.) Task: {CD2A0E64-EC07-47EC-A699-16BD52FAB915} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DFF6E927-2B25-405F-BD5D-E52006418053} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-08-22] (Samsung) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E83E970D-0AB9-41C8-8D17-4B73E1EA4DFD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel) Task: {ED1807BA-E5D6-47B2-B138-012E62C34E7B} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO) Task: {F8FEFC20-B998-4297-B33A-772E0B863885} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-10-31 15:44 - 2013-10-31 15:44 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2013-11-16 16:53 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Alexander Ley\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller 
Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8168 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 3797.53 MB Available physical RAM: 2545.07 MB Total Pagefile: 4821.53 MB Available Pagefile: 2599.61 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:439.87 GB) (Free:294.92 GB) NTFS Drive d: () (Removable) (Total:14.94 GB) (Free:14.73 GB) FAT32 Drive x: (Boxcryptor Classic) (Fixed) (Total:439.87 GB) (Free:294.92 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 3FE702B4) Partition: GPT Partition Type ======================================================== Disk: 1 (Size: 22 GB) (Disk ID: DE1B40E7) Partition: GPT Partition Type ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 03D6B7AD) Partition 1: (Active) - (Size=15 GB) - (Type=0C) ==================== End Of Log ============================ I have edited the post above. Thanks for the effort. I already came to appreciate it some time ago. I also ran the malware software on the laptop once. There, in my opinion, the same files were flagged. How can that be? Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.22.09 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16476 Alexander Ley :: SAMSUNGNOTEBOOK [Administrator] 22.01.2014 20:10:10 mbam-log-2014-01-22 (20-10-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209797 Laufzeit: 28 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0X2O1C0R2R1R -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Last edited by der_aaaaalex (22.01.2014 at 18:39) |
22.01.2014, 23:46 | #6 |
/// TB-Ausbilder | BSI Scan positiv The FRST logs look the same on both machines. And the MBAM finds are completely harmless adware stuff. For a final check you can also run ESET scans: ESET Online Scanner
23.01.2014, 16:49 | #7 |
| BSI Scan positiv Here is the ESET scan for the laptop Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=5adb8b240f0e5e4788aadf77f6322ede # engine=16766 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-23 03:43:47 # local_time=2014-01-23 04:43:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=3074 16777213 100 84 65204 24447867 0 0 # compatibility_mode=5893 16776574 100 94 2773341 13325529 0 0 # scanned=182367 # found=0 # cleaned=0 # scan_time=6674 I won't get to the scan of the PC until this evening. |
23.01.2014, 19:47 | #8 | |
/// TB-Ausbilder | BSI Scan positiv Quote:
cheers, Leo |
25.01.2014, 13:45 | #9 |
| BSI Scan positiv It took a bit longer after all. Here is the ESET report for my PC; apart from an old trainer for a game (embarrassing), there seemed to be nothing. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=542e7f2f0d0aec448b5eefe30ad3ddc9 # engine=16796 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-25 12:06:16 # local_time=2014-01-25 01:06:16 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=3074 16777213 100 84 102619 24607616 0 0 # compatibility_mode=5893 16776574 100 94 3887585 13485278 0 0 # scanned=62 # found=0 # cleaned=0 # scan_time=1 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=542e7f2f0d0aec448b5eefe30ad3ddc9 # engine=16796 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-25 12:37:02 # local_time=2014-01-25 01:37:02 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=3074 16777213 100 84 104465 24609462 0 0 # compatibility_mode=5893 16776574 100 94 3889431 13487124 0 0 # scanned=213233 # found=1 # cleaned=0 # scan_time=1813 sh=F5BCC243F9A55607A69C799412027FA165EA5271 ft=1 fh=cc1e0cf9e65c516e vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Users\alexa_000\Desktop\Spiele\ACIVBF+24Tr_LNG_v1.04.exe" |
25.01.2014, 14:36 | #10 |
/// TB-Ausbilder | BSI Scan positiv Yes, that doesn't look like malware is in play (at least on these two machines).
cheers, Leo |
25.01.2014, 14:39 | #11 |
| BSI Scan positiv Many thanks for the help. After the exam period I'll read up a bit more on the subject of virus/malware protection. I'm not too happy with Comodo at the moment. |