Log Analysis and Evaluation: Virus found when opening Werfault.exe (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.02.2014, 12:10 | #1
Virus found when opening Werfault.exe

Hello,

my antivirus program (G Data InternetSecurity 2014) already detected a virus (Gen:Trojan.Heur2.JP.yy2@aGno8Ydi) on 31.12.2013 when opening the file "C:\Windows\SysWOW64\WerFault.exe" and moved it to quarantine. Since I have not found any information about this trojan and the WerFault.exe process is actually a Windows process, I am not sure what I should do with the file now. I have also read that malware can use this process to carry out harmful actions on the computer. I have already sent the file to G Data for checking but have not received a reply yet. I hope you can help me find out whether anything on my notebook has been changed and whether I still have malware or anything similar on my computer.

Many thanks in advance and best regards,
Jup

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Willi (administrator) on WILLI-NOTEBOOK on 05-02-2014 11:33:00
Running from C:\Users\Willi\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\v5w2edru.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\v5w2edru.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: NoScript - C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\v5w2edru.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-05]
FF Extension: Adblock Plus - C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\v5w2edru.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-11]

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2562208 2013-10-15] (G Data Software AG)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-24] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-10-02] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [130392 2013-10-02] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64856 2013-10-02] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68440 2013-11-11] (G Data Software AG)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2013-10-02] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [65368 2013-10-02] (G Data Software AG)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-11] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-11] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-11] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-05 11:33 - 2014-02-05 11:33 - 00014200 _____ () C:\Users\Willi\Desktop\FRST.txt
2014-02-05 11:32 - 2014-02-05 11:33 - 00000000 ____D () C:\FRST
2014-02-05 11:32 - 2014-02-05 11:21 - 02080256 _____ (Farbar) C:\Users\Willi\Desktop\FRST64.exe
2014-02-05 11:24 - 2014-02-05 11:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 11:17 - 2014-02-05 11:17 - 00304227 _____ () C:\Users\Willi\Documents\Firefoxbookmarks20140205.html
2014-02-05 11:16 - 2014-02-05 11:17 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\Willi\Downloads\install_flash_player.exe
2014-01-19 07:39 - 2014-01-19 07:39 - 00000000 ___SH () C:\DkHyperbootSync
2014-01-18 14:41 - 2014-02-05 11:09 - 00001502 _____ () C:\Users\Willi\Documents\G Data Protokoll ID 472.html
2014-01-16 17:08 - 2014-01-16 17:08 - 00004132 _____ () C:\Users\Willi\Documents\G Data Protokoll ID 552.html
2014-01-16 17:06 - 2014-01-16 17:06 - 00000826 _____ () C:\WINDOWS\PFRO.log
2014-01-16 15:14 - 2014-01-16 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-16 15:13 - 2014-01-16 15:13 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-16 15:12 - 2014-01-16 15:13 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Willi\Downloads\mbar-1.07.0.1008.exe
2014-01-16 14:56 - 2014-01-16 14:56 - 00005306 _____ () C:\Users\Willi\Documents\install.txt
2014-01-16 14:55 - 2014-01-16 14:55 - 00302626 _____ () C:\Users\Willi\Documents\bookmarks 16-01-2014.html
2014-01-16 14:54 - 2014-01-16 14:54 - 00094154 _____ () C:\Users\Willi\Documents\GDataSettings.gds
2014-01-15 20:55 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 20:55 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 20:55 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 20:55 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 20:55 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 20:55 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 20:55 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 20:55 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 20:55 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 20:55 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 20:55 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-12 18:52 - 2014-02-05 11:14 - 00000795 _____ () C:\WINDOWS\setupact.log
2014-01-12 18:52 - 2014-01-12 18:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-12 15:14 - 2014-01-12 15:14 - 00000114 ___RH () C:\Users\Willi\Downloads\Stinger.opt
2014-01-12 13:35 - 2014-01-12 15:13 - 00000856 _____ () C:\Users\Willi\Downloads\Stinger_12012014_133506.html
2014-01-12 13:31 - 2014-01-12 13:32 - 11530088 _____ (McAfee Inc) C:\Users\Willi\Downloads\stinger64.exe
2014-01-11 23:14 - 2014-01-11 23:14 - 00000000 ____D () C:\Users\Willi\Downloads\Quarantine
2014-01-11 23:13 - 2014-01-11 23:13 - 00148623 _____ () C:\Users\Willi\Downloads\Quarantine.zip
2014-01-11 21:51 - 2013-12-23 12:48 - 02347384 _____ (ESET) C:\Users\Willi\Downloads\esetsmartinstaller_enu.exe
2014-01-11 21:33 - 2014-01-11 21:33 - 00302626 _____ () C:\Users\Willi\Documents\bookmarks.html
2014-01-11 21:13 - 2014-01-11 21:13 - 00000037 _____ () C:\Users\Willi\AppData\Roaming\mbam.context.scan

==================== One Month Modified Files and Folders =======

2014-02-05 11:33 - 2014-02-05 11:33 - 00014200 _____ () C:\Users\Willi\Desktop\FRST.txt
2014-02-05 11:33 - 2014-02-05 11:32 - 00000000 ____D () C:\FRST
2014-02-05 11:28 - 2013-12-11 16:23 - 01667308 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-05 11:25 - 2014-02-05 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 11:25 - 2013-08-17 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 11:22 - 2013-07-30 21:34 - 00000000 ____D () C:\Users\Willi\Documents\Outlook-Dateien
2014-02-05 11:21 - 2014-02-05 11:32 - 02080256 _____ (Farbar) C:\Users\Willi\Desktop\FRST64.exe
2014-02-05 11:18 - 2013-12-18 14:00 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-05 11:17 - 2014-02-05 11:17 - 00304227 _____ () C:\Users\Willi\Documents\Firefoxbookmarks20140205.html
2014-02-05 11:17 - 2014-02-05 11:16 - 17890696 _____ (Adobe Systems Incorporated) C:\Users\Willi\Downloads\install_flash_player.exe
2014-02-05 11:17 - 2013-12-18 14:00 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-05 11:14 - 2014-01-12 18:52 - 00000795 _____ () C:\WINDOWS\setupact.log
2014-02-05 11:11 - 2013-07-30 20:52 - 00000000 ____D () C:\ProgramData\WinClon
2014-02-05 11:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-05 11:09 - 2014-01-18 14:41 - 00001502 _____ () C:\Users\Willi\Documents\G Data Protokoll ID 472.html
2014-02-04 20:51 - 2013-08-01 21:14 - 00000000 ____D () C:\Users\Willi\AppData\Roaming\vlc
2014-02-02 19:08 - 2013-07-30 21:33 - 00000000 ____D () C:\Users\Willi\Documents\A, transfer
2014-01-30 20:45 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-30 20:45 - 2013-09-30 04:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-01-30 20:45 - 2013-09-30 04:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-01-19 07:39 - 2014-01-19 07:39 - 00000000 ___SH () C:\DkHyperbootSync
2014-01-18 15:58 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-01-16 17:08 - 2014-01-16 17:08 - 00004132 _____ () C:\Users\Willi\Documents\G Data Protokoll ID 552.html
2014-01-16 17:06 - 2014-01-16 17:06 - 00000826 _____ () C:\WINDOWS\PFRO.log
2014-01-16 16:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-01-16 16:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-16 16:18 - 2014-01-16 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-16 16:01 - 2013-07-30 07:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2739015723-2927197382-1160632269-1001
2014-01-16 15:53 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-01-16 15:13 - 2014-01-16 15:13 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-16 15:13 - 2014-01-16 15:12 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Willi\Downloads\mbar-1.07.0.1008.exe
2014-01-16 15:00 - 2013-07-31 08:33 - 00000000 ____D () C:\Users\Willi\AppData\Local\Adobe
2014-01-16 14:56 - 2014-01-16 14:56 - 00005306 _____ () C:\Users\Willi\Documents\install.txt
2014-01-16 14:55 - 2014-01-16 14:55 - 00302626 _____ () C:\Users\Willi\Documents\bookmarks 16-01-2014.html
2014-01-16 14:54 - 2014-01-16 14:54 - 00094154 _____ () C:\Users\Willi\Documents\GDataSettings.gds
2014-01-15 21:29 - 2013-07-30 20:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 21:26 - 2013-07-30 19:50 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-12 18:52 - 2014-01-12 18:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-12 15:14 - 2014-01-12 15:14 - 00000114 ___RH () C:\Users\Willi\Downloads\Stinger.opt
2014-01-12 15:14 - 2013-12-18 12:21 - 00000000 ____D () C:\Program Files\stinger
2014-01-12 15:13 - 2014-01-12 13:35 - 00000856 _____ () C:\Users\Willi\Downloads\Stinger_12012014_133506.html
2014-01-12 13:32 - 2014-01-12 13:31 - 11530088 _____ (McAfee Inc) C:\Users\Willi\Downloads\stinger64.exe
2014-01-12 01:10 - 2013-12-29 19:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-12 01:10 - 2013-12-11 16:01 - 00000000 ___DC () C:\WINDOWS\Panther
2014-01-12 01:10 - 2013-07-30 15:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-11 23:14 - 2014-01-11 23:14 - 00000000 ____D () C:\Users\Willi\Downloads\Quarantine
2014-01-11 23:13 - 2014-01-11 23:13 - 00148623 _____ () C:\Users\Willi\Downloads\Quarantine.zip
2014-01-11 21:33 - 2014-01-11 21:33 - 00302626 _____ () C:\Users\Willi\Documents\bookmarks.html
2014-01-11 21:13 - 2014-01-11 21:13 - 00000037 _____ () C:\Users\Willi\AppData\Roaming\mbam.context.scan
2014-01-11 21:11 - 2013-12-11 16:08 - 00000000 ____D () C:\Users\Willi
2014-01-11 19:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-01-07 21:00 - 2013-08-12 19:22 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-31 14:50

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Willi at 2014-02-05 11:34:12
Running from C:\Users\Willi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G Data InternetSecurity 2014 (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32 Version: - )
Canon MP Navigator EX 4.0 (x32 Version: - )
CanoScan LiDE 110 Scanner Driver (Version: - )
CCleaner (Version: 4.04 - Piriform)
CVE-2013-3893 (Version: - )
ETDWare X64 11.7.18.2_WHQL (Version: 11.7.18.2 - ELAN Microelectronic Corp.)
ExpressCache (Version: 1.0.94 - Condusiv Technologies)
G Data InternetSecurity 2014 (x32 Version: 24.0.3.4 - G Data Software AG)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (x32 Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (x32 Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
Recovery (x32 Version: 6.0.10.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Settings (x32 Version: 2.0.0 - Samsung Electronics CO., LTD.)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
SRWare Iron Version SRWare Iron 31.0.1700.0 (x32 Version: SRWare Iron 31.0.1700.0 - SRWare)
Steam (x32 Version: - Valve Corporation)
SW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)

==================== Restore Points =========================

15-01-2014 20:25:52 Windows Update
23-01-2014 20:09:37 Geplanter Prüfpunkt
04-02-2014 19:57:07 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-12-30 13:20 - 00450660 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5201EBD4-8F80-41BA-90D3-F524FA7FBAFD} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {582F3E35-AA5A-4134-A2F8-88BE13DFCE6C} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {5DC41FAB-B198-45EA-B7B4-AA30EB13C90E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {68665A2D-B5F7-4E67-A428-52BF82C05FF3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AC893F1-843B-4892-9113-997600B7C3B0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {859A0556-9E54-4A79-AF76-A332DFFD7B93} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-15] (Microsoft Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8C872DDA-EB05-41AA-ABDD-D045D9BF75E4} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {C10801EB-5CEE-488D-9466-DDCDC8E81565} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {FE01A3D9-D3F1-4D1B-A96F-882E8CC640E2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-10-16 18:15 - 2013-10-16 
18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2013-12-18 13:22 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 01016440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-08-24 19:45 - 2012-08-24 19:45 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2014 05:44:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (01/31/2014 02:50:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/30/2014 02:33:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/29/2014 09:34:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/25/2014 09:40:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/23/2014 09:08:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/22/2014 09:27:53 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (01/18/2014 08:38:09 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/18/2014 10:11:56 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (01/16/2014 03:53:56 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.16441, Zeitstempel: 0x5265dec8 Name des fehlerhaften Moduls: igd10iumd64.dll, Version: 10.18.10.3304, Zeitstempel: 0x522e0601 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000cd84 ID des fehlerhaften Prozesses: 0x1348 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5 System errors: ============= Error: (02/05/2014 11:11:00 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/04/2014 08:57:32 PM) (Source: DCOM) (User: Willi-Notebook) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/04/2014 08:57:32 PM) (Source: DCOM) (User: Willi-Notebook) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/04/2014 08:45:33 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/02/2014 05:44:52 PM) (Source: DCOM) (User: Willi-Notebook) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/02/2014 05:44:22 PM) (Source: DCOM) (User: Willi-Notebook) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/02/2014 04:45:08 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler 
DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/02/2014 07:41:00 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/31/2014 01:27:28 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/30/2014 09:01:40 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (02/02/2014 05:44:10 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/31/2014 02:50:15 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/30/2014 02:33:33 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/29/2014 09:34:08 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/25/2014 09:40:42 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/23/2014 09:08:33 PM) 
(Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/22/2014 09:27:53 PM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Willi\Downloads\esetsmartinstaller_enu.exe Error: (01/18/2014 08:38:09 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/18/2014 10:11:56 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (01/16/2014 03:53:56 PM) (Source: Application Error)(User: ) Description: Explorer.EXE6.3.9600.164415265dec8igd10iumd64.dll10.18.10.3304522e0601c0000005000000000000cd84134801cf12c216bf32e2C:\WINDOWS\Explorer.EXEC:\WINDOWS\SYSTEM32\igd10iumd64.dll05926e3e-7ebe-11e3-becf-c48508c6c74d ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 5845.53 MB Available physical RAM: 3414.71 MB Total Pagefile: 6885.53 MB Available Pagefile: 3951.8 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.69 GB) (Free:399.29 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 1C1CBB20) Partition: GPT Partition Type ======================================================== Disk: 1 (Size: 22 GB) (Disk ID: 
13A9AAFA) Partition: GPT Partition Type ==================== End Of Log ============================ Malwarebytes log from 29.12.2013:
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.29.05 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16476 Willi :: WILLI-NOTEBOOK [Administrator] 29.12.2013 22:41:45 mbam-log-2013-12-29 (22-41-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 309384 Laufzeit: 36 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
05.02.2014, 12:18 | #2 |
/// the machine /// TB-Ausbilder | Virus detection when opening Werfault.exe Hi,
Have the file scanned at www.virustotal.com. My guess is a detection rate of 0/47.
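Before a quarantined Windows system file is restored, a defender wants more than a single vendor's verdict. The following is an added example, not code from the thread or its participants: it hashes the file (a VirusTotal hash lookup needs no upload), checks the Authenticode signature and asks SFC to verify the file against the Windows component store. The path is taken from the original post; the function name is an assumption, and `sfc /verifyfile` needs an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): sanity-check a Windows system binary that an
# antivirus flagged, before trusting or restoring it. Run from an elevated prompt.
function Test-SystemBinary {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -Path $Path)) {
        throw "File not found: $Path (still in quarantine?)"
    }

    # SHA-256 is what VirusTotal indexes, so the hash alone is enough for a lookup.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # Genuine Windows binaries are signed by Microsoft (embedded or via a catalog);
    # a replaced or patched copy reports NotSigned or HashMismatch here.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # sfc /verifyfile compares the file with the component store without repairing it.
    $sfc = & "$env:SystemRoot\System32\sfc.exe" /verifyfile=$Path 2>&1 | Out-String

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $hash
        VirusTotalUrl   = "https://www.virustotal.com/gui/file/$hash"
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SfcOutput       = $sfc.Trim()
    }
}

# Path from the original post (32-bit WerFault.exe on a 64-bit Windows install).
Test-SystemBinary -Path 'C:\Windows\SysWOW64\WerFault.exe' | Format-List
```

A valid Microsoft signature plus a clean SFC verification is strong evidence of a false positive; a signature status other than Valid on a file under `C:\Windows` is the case where the quarantine should stay in place and the machine should be examined further.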
05.02.2014, 12:28 | #3 |
| Virus detection when opening Werfault.exe Hello,
Thanks for the quick reply. I had the file scanned at virustotal and the detection rate came out as 0/51. Does that mean it is probably a false positive from my antivirus program? Regards, Jup |
06.02.2014, 09:35 | #4 |
/// the machine /// TB-Ausbilder | Virus detection when opening Werfault.exe That is exactly what it means.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No support via PM! |
06.02.2014, 17:16 | #5 |
| Virus detection when opening Werfault.exe That sounds good. Then I can take the file out of quarantine again. Thanks for the quick help. Regards, Jup |
07.02.2014, 16:34 | #6 |
/// the machine /// TB-Ausbilder | Virus detection when opening Werfault.exe You're welcome.