| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Link geklickt - bin ich infiziert? http://civg.org/mynews.phpWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.02.2014, 22:16
| #1 |
| |  Link geklickt - bin ich infiziert? http://civg.org/mynews.php Hallo, leider habe ich in geistiger Übernachtung auf folgenden Link in eine Mail geklickt: hxxp://civg.org/mynews.php Die Mail stammt von einem Freund der mir wenig später mitgeteilt hat, dass sein Account geknackt wurde. Malwarebytes hat nichts gefunden. Weiss jemand was passiert ist? Was sollte ich tun? VG |
|
07.02.2014, 07:06
| #2 |
| /// the machine /// TB-Ausbilder    | Link geklickt - bin ich infiziert? http://civg.org/mynews.php hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
07.02.2014, 20:37
| #3 |
| | Link geklickt - bin ich infiziert? http://civg.org/mynews.php FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Sascha (administrator) on SASCHA-NB on 07-02-2014 20:33:57
Running from C:\Users\Sascha\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) \\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4037484555-1256332922-3571885680-1001\...\Run: [Quick Starter] - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2338352 2013-09-25] (Samsung Electronics CO., LTD.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8AC727E068F0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\nhx50698.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: synology.com/SSWebPlugin - C:\Users\Sascha\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-15]
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (YouTube) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Google-Suche) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (avast! Online Security) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-23]
CHR Extension: (Google Wallet) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Google Mail) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-15]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-02-28] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2013-12-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1034464 2014-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422216 2014-01-02] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [79672 2014-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-02] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-13] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-07 20:33 - 2014-02-07 20:34 - 00018327 _____ () C:\Users\Sascha\Downloads\FRST.txt
2014-02-07 20:33 - 2014-02-07 20:33 - 00000000 ____D () C:\FRST
2014-02-07 20:32 - 2014-02-07 20:32 - 05487040 _____ (Microsoft Corporation) C:\Users\Sascha\Downloads\Windows8-Setup.exe
2014-02-07 20:32 - 2014-02-07 20:32 - 02079744 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64.exe
2014-02-06 22:12 - 2014-02-07 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-06 05:36 - 2014-02-06 05:36 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-06 05:36 - 2014-02-06 05:36 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Malwarebytes
2014-02-06 05:36 - 2014-02-06 05:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 05:36 - 2014-02-06 05:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-06 05:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-06 05:34 - 2014-02-06 05:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sascha\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-06 05:31 - 2014-02-06 05:55 - 627884032 _____ () C:\Users\Sascha\Downloads\rescue-system.iso
2014-02-05 21:44 - 2014-02-05 21:44 - 05192704 _____ (Geza Kovacs) C:\Users\Sascha\Downloads\unetbootin-windows-585.exe
2014-02-05 21:02 - 2014-02-05 21:16 - 340465664 _____ () C:\Users\Sascha\Downloads\kav_rescue_1032.iso
2014-02-05 00:03 - 2014-02-05 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-01 16:29 - 2014-02-01 16:29 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-31 23:49 - 2014-01-31 23:49 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-01-31 23:48 - 2014-01-31 23:48 - 10197104 _____ (CCCP Project ) C:\Users\Sascha\Downloads\Combined-Community-Codec-Pack-2014-01-17.exe
2014-01-26 19:32 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-01-26 19:32 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-01-26 19:32 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-26 19:32 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-26 19:32 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-01-26 19:32 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-26 19:32 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-26 19:32 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-26 19:32 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-26 19:31 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-26 19:31 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-01-26 19:31 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-01-26 19:31 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-01-26 19:31 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-01-26 19:31 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-01-26 19:31 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-01-26 19:31 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-01-26 19:31 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-01-26 19:31 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-01-26 19:31 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-01-26 19:31 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-01-26 19:31 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-01-26 19:31 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-01-26 19:31 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-01-26 19:31 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-01-26 19:31 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-01-26 19:31 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-01-26 19:31 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-01-26 19:31 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-01-26 19:31 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-01-26 19:31 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-01-26 19:31 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-01-26 19:31 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-01-26 19:31 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-01-26 19:31 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-01-26 19:31 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-01-26 19:31 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-01-26 19:31 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-01-26 19:31 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-01-26 19:31 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-01-26 19:31 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-01-26 19:31 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-01-26 19:31 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-01-26 19:31 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-01-26 19:31 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-01-26 19:31 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-01-26 19:31 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-01-26 19:31 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-01-26 19:31 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-01-26 19:31 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-01-26 19:31 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-01-26 19:31 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-01-26 19:31 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-01-26 19:31 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-01-26 19:31 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-01-26 19:31 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-01-26 19:31 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-01-26 16:33 - 2014-01-26 16:33 - 06072408 _____ (TeamViewer GmbH) C:\Users\Sascha\Downloads\TeamViewer_Setup_de.exe
2014-01-25 12:46 - 2014-01-19 14:33 - 16515072 _____ () C:\Users\Sascha\Downloads\AAF_M25712_g4928_ufs910_update_titan_v1-48_p211_P2-FFM_M2_FULL_nodebug.img
2014-01-18 18:56 - 2014-01-18 18:56 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-18 18:56 - 2014-01-18 18:56 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-18 18:56 - 2014-01-18 18:56 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-18 18:56 - 2014-01-18 18:56 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 18:56 - 2014-01-18 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-18 18:54 - 2014-01-18 18:55 - 29141928 _____ (Oracle Corporation) C:\Users\Sascha\Downloads\jre-7u51-windows-i586.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-01-18 18:54 - 2014-01-18 18:54 - 00000000 ____D () C:\Program Files\Java
2014-01-18 18:52 - 2014-01-18 18:53 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha\Downloads\jre-7u51-windows-x64.exe
2014-01-18 18:52 - 2014-01-18 18:52 - 01977432 _____ () C:\Users\Sascha\Downloads\winrar-x64-501.exe
2014-01-16 23:01 - 2014-02-03 21:12 - 00001003 _____ () C:\Users\Sascha\Documents\MailShield.der
2014-01-15 21:29 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 21:29 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 21:29 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 21:29 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 21:29 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 21:29 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 21:29 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 21:29 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 21:29 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 21:29 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 21:28 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
==================== One Month Modified Files and Folders =======
2014-02-07 20:34 - 2014-02-07 20:33 - 00018327 _____ () C:\Users\Sascha\Downloads\FRST.txt
2014-02-07 20:33 - 2014-02-07 20:33 - 00000000 ____D () C:\FRST
2014-02-07 20:32 - 2014-02-07 20:32 - 05487040 _____ (Microsoft Corporation) C:\Users\Sascha\Downloads\Windows8-Setup.exe
2014-02-07 20:32 - 2014-02-07 20:32 - 02079744 _____ (Farbar) C:\Users\Sascha\Downloads\FRST64.exe
2014-02-07 20:31 - 2013-12-23 15:50 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-07 20:31 - 2013-09-30 05:14 - 01984356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-07 20:31 - 2013-09-30 04:56 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-07 20:31 - 2013-09-30 04:56 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-07 20:30 - 2013-12-23 18:54 - 01077771 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-07 20:29 - 2014-02-06 22:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-07 20:29 - 2013-12-23 15:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 20:29 - 2013-11-12 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-07 20:29 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-06 22:18 - 2013-12-03 21:47 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{462566CF-4A4D-4D92-B7F2-BC6471018D81}
2014-02-06 22:04 - 2013-11-12 20:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4037484555-1256332922-3571885680-1001
2014-02-06 22:01 - 2013-12-23 15:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-06 05:55 - 2014-02-06 05:31 - 627884032 _____ () C:\Users\Sascha\Downloads\rescue-system.iso
2014-02-06 05:46 - 2013-11-12 22:21 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-06 05:36 - 2014-02-06 05:36 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-06 05:36 - 2014-02-06 05:36 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Malwarebytes
2014-02-06 05:36 - 2014-02-06 05:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-06 05:36 - 2014-02-06 05:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-06 05:34 - 2014-02-06 05:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sascha\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-05 21:44 - 2014-02-05 21:44 - 05192704 _____ (Geza Kovacs) C:\Users\Sascha\Downloads\unetbootin-windows-585.exe
2014-02-05 21:44 - 2014-01-02 21:49 - 00041984 ___SH () C:\Users\Sascha\Downloads\Thumbs.db
2014-02-05 21:41 - 2013-12-23 18:54 - 00016940 _____ () C:\WINDOWS\setupact.log
2014-02-05 21:16 - 2014-02-05 21:02 - 340465664 _____ () C:\Users\Sascha\Downloads\kav_rescue_1032.iso
2014-02-05 00:03 - 2014-02-05 00:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-04 21:46 - 2013-11-12 22:21 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-03 21:25 - 2013-11-16 10:27 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Skype
2014-02-03 21:12 - 2014-01-16 23:01 - 00001003 _____ () C:\Users\Sascha\Documents\MailShield.der
2014-02-02 20:51 - 2014-01-02 12:16 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc
2014-02-01 16:29 - 2014-02-01 16:29 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-02-01 08:47 - 2014-01-02 12:11 - 00000887 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-31 23:49 - 2014-01-31 23:49 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-01-31 23:48 - 2014-01-31 23:48 - 10197104 _____ (CCCP Project ) C:\Users\Sascha\Downloads\Combined-Community-Codec-Pack-2014-01-17.exe
2014-01-31 05:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-27 23:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-26 23:09 - 2013-11-12 20:37 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 23:09 - 2013-11-12 20:37 - 00000000 ___RD () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-26 23:09 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-01-26 23:09 - 2013-08-22 15:44 - 00410640 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-26 23:09 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-01-26 23:09 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-01-26 19:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-01-26 19:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-01-26 19:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-01-26 19:22 - 2013-11-12 22:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-26 19:21 - 2013-11-12 22:38 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-26 16:33 - 2014-01-26 16:33 - 06072408 _____ (TeamViewer GmbH) C:\Users\Sascha\Downloads\TeamViewer_Setup_de.exe
2014-01-25 12:31 - 2013-11-16 10:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-25 12:31 - 2013-11-16 10:27 - 00000000 ____D () C:\ProgramData\Skype
2014-01-25 02:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-01-19 20:08 - 2014-01-05 20:34 - 00009207 _____ () C:\Users\Sascha\Documents\stromverbrauch.xlsx
2014-01-19 14:33 - 2014-01-25 12:46 - 16515072 _____ () C:\Users\Sascha\Downloads\AAF_M25712_g4928_ufs910_update_titan_v1-48_p211_P2-FFM_M2_FULL_nodebug.img
2014-01-18 20:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-18 18:56 - 2014-01-18 18:56 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-01-18 18:56 - 2014-01-18 18:56 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-01-18 18:56 - 2014-01-18 18:56 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-01-18 18:56 - 2014-01-18 18:56 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 18:56 - 2014-01-18 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-18 18:56 - 2013-11-12 20:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-18 18:55 - 2014-01-18 18:54 - 29141928 _____ (Oracle Corporation) C:\Users\Sascha\Downloads\jre-7u51-windows-i586.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-18 18:54 - 2014-01-18 18:54 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-01-18 18:54 - 2014-01-18 18:54 - 00000000 ____D () C:\Program Files\Java
2014-01-18 18:53 - 2014-01-18 18:52 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha\Downloads\jre-7u51-windows-x64.exe
2014-01-18 18:53 - 2013-11-17 19:58 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-18 18:53 - 2013-11-17 19:58 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-18 18:52 - 2014-01-18 18:52 - 01977432 _____ () C:\Users\Sascha\Downloads\winrar-x64-501.exe
2014-01-18 18:32 - 2013-11-12 22:20 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Adobe
2014-01-13 22:48 - 2013-12-23 19:02 - 00001894 _____ () C:\WINDOWS\PFRO.log
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-06 04:55
==================== End Of Log ============================
--- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by Sascha at 2014-02-07 20:34:19
Running from C:\Users\Sascha\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
AllSharePlayLink (x32 Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Königsedition (x32 Version: 3.10.0000 - Ubisoft)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0226.1356.24951 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.09 - Piriform)
Combined Community Codec Pack 2014-01-17 (x32 Version: 2014.01.17.0 - CCCP Project)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
diclovit's mod pack 1.9.0 (x32 Version: 1.9.0 - diclovit)
ETDWare X64 11.7.19.9_WHQL (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HomeSync Lite (x32 Version: 1.1.0.32 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (x32 Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (Version: 1.0.32.0 - Condusiv Technologies)
Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lexware Info Service (x32 Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
Phone Screen Sharing (x32 Version: 2.0.0.18 - RSUPPORT)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quick Starter (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Realtek Card Reader (x32 Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (x32 Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.46 - Samsung Electronics CO., LTD.) Hidden
Samsung Magician (x32 Version: 4.3.0 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Settings (x32 Version: 2.0.1 - Samsung Electronics CO., LTD.)
SideSync (x32 Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SRS Premium Sound (x32 Version: 1.00.4700 - DTS, Inc.)
SSWebPlugin (x32 Version: 1.0.0.39 - Synology)
Support Center (Version: 2.1.1202 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.12 - Samsung Electronics CO., LTD.) Hidden
SW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.)
TAXMAN 2011 (x32 Version: 17.08.00.0011 - Haufe-Lexware GmbH & Co.KG)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WinRAR 5.01 (64-bit) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (x32 Version: - Wargaming.net)
==================== Restore Points =========================
21-01-2014 22:22:46 Windows Update
25-01-2014 12:04:54 Windows Update
04-02-2014 22:45:01 Windows Update
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {375B3BAC-34C0-49E5-AFDF-1F9525E59C69} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42A9DDF8-B2F6-42C2-A80A-6904E51249BE} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-31] (Samsung Electronics CO., LTD.)
Task: {436CF68A-2DCF-465A-B3A4-8DB417F9211E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {58A4558F-5438-4981-8D1F-6AC265DE625C} - System32\Tasks\SamsungHomeSyncPC => C:\Program Files (x86)\Samsung\HomeSync Lite\RefreshToken.exe [2013-11-06] ()
Task: {5F36A12B-77C1-46AA-83F6-72194E651024} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {687CF1BB-275A-4DC3-BADC-A4D069CA643E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {945B1139-2D54-449A-9535-AE18E4ECEBBA} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-02-28] (Samsung Electronics CO., LTD.)
Task: {9929A847-B118-4D10-8500-97DAC0A392E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C2BCE06C-8644-4FF8-8610-2D9A797D8042} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-02] (AVAST Software)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2465E0C-AB30-449D-A7BF-2F8ECECDB2ED} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-26] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FB7E7925-0F29-416E-A1FD-F881C5AB1B19} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-31 15:44 - 2013-10-31 15:44 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-02-06 21:00 - 2014-02-06 20:30 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020601\algo.dll
2014-02-07 20:30 - 2014-02-07 19:49 - 02171904 _____ () C:\Program Files\AVAST Software\Avast\defs\14020701\algo.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 01121328 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-02-28 17:03 - 2013-02-28 17:03 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-02-05 00:03 - 2014-02-05 00:03 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-06 22:12 - 2014-02-06 22:12 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-06 22:12 - 2014-02-06 22:12 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-06 22:12 - 2014-02-06 22:12 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-15 20:21 - 2013-12-15 20:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-14 23:24 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2014 06:23:54 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 2.1.21.0, Zeitstempel: 0x526518c7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x16b0
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Vollständiger Name des fehlerhaften Pakets: SWMAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SWMAgent.exe5
Error: (02/06/2014 06:23:54 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: EasyLauncher.exe, Version: 2.0.0.10, Zeitstempel: 0x512ef8da
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x838
Startzeit der fehlerhaften Anwendung: 0xEasyLauncher.exe0
Pfad der fehlerhaften Anwendung: EasyLauncher.exe1
Pfad des fehlerhaften Moduls: EasyLauncher.exe2
Berichtskennung: EasyLauncher.exe3
Vollständiger Name des fehlerhaften Pakets: EasyLauncher.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EasyLauncher.exe5
Error: (02/06/2014 04:55:47 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (02/05/2014 11:01:21 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
Error: (02/05/2014 09:54:52 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
Error: (02/05/2014 09:36:55 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
Error: (02/04/2014 09:41:31 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
Error: (02/02/2014 08:20:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IntelliMem.exe, Version: 1.0.32.0, Zeitstempel: 0x50d4991a
Name des fehlerhaften Moduls: IM.dll, Version: 1.0.32.0, Zeitstempel: 0x50d49912
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000003f9e
ID des fehlerhaften Prozesses: 0x22c
Startzeit der fehlerhaften Anwendung: 0xIntelliMem.exe0
Pfad der fehlerhaften Anwendung: IntelliMem.exe1
Pfad des fehlerhaften Moduls: IntelliMem.exe2
Berichtskennung: IntelliMem.exe3
Vollständiger Name des fehlerhaften Pakets: IntelliMem.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IntelliMem.exe5
Error: (02/01/2014 05:55:14 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (01/31/2014 05:20:06 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client has failed to start
System errors:
=============
Error: (02/07/2014 08:29:32 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (02/07/2014 08:29:39 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.02.2014 um 20:59:24 unerwartet heruntergefahren.
Error: (02/06/2014 09:59:53 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (02/06/2014 09:12:24 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (02/06/2014 09:05:26 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/06/2014 04:56:33 AM) (Source: DCOM) (User: Sascha-NB)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/06/2014 04:56:03 AM) (Source: DCOM) (User: Sascha-NB)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/05/2014 11:55:04 PM) (Source: DCOM) (User: Sascha-NB)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/05/2014 10:53:55 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
Error: (02/05/2014 10:27:02 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
Microsoft Office Sessions:
=========================
Error: (02/06/2014 06:23:54 AM) (Source: Application Error)(User: )
Description: SWMAgent.exe2.1.21.0526518c7unknown0.0.0.000000000c00000050000000016b001cf22c41f798aefC:\ProgramData\Samsung\SW Update Service\SWMAgent.exeunknownde46a9c4-8eee-11e3-bea8-b4b676647a52
Error: (02/06/2014 06:23:54 AM) (Source: Application Error)(User: )
Description: EasyLauncher.exe2.0.0.10512ef8daunknown0.0.0.000000000c00000050000000083801cf22c3d6553821C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exeunknownde44475f-8eee-11e3-bea8-b4b676647a52
Error: (02/06/2014 04:55:47 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: WiederherstellungFalscher Parameter. (0x80070057)
Error: (02/05/2014 11:01:21 PM) (Source: ATIeRecord)(User: )
Description:
Error: (02/05/2014 09:54:52 PM) (Source: ATIeRecord)(User: )
Description:
Error: (02/05/2014 09:36:55 PM) (Source: ATIeRecord)(User: )
Description:
Error: (02/04/2014 09:41:31 PM) (Source: ATIeRecord)(User: )
Description:
Error: (02/02/2014 08:20:01 PM) (Source: Application Error)(User: )
Description: IntelliMem.exe1.0.32.050d4991aIM.dll1.0.32.050d49912c00000050000000000003f9e22c01cf1e3bb81257e5C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exeC:\Program Files\Condusiv Technologies\IntelliMemory\IM.dll02d2793d-8c3f-11e3-be9e-b4b676647a52
Error: (02/01/2014 05:55:14 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: WiederherstellungFalscher Parameter. (0x80070057)
Error: (01/31/2014 05:20:06 AM) (Source: ATIeRecord)(User: )
Description:
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8076.79 MB
Available physical RAM: 5930.44 MB
Total Pagefile: 9356.79 MB
Available Pagefile: 7216 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.37 GB) (Free:169.25 GB) NTFS
Drive e: () (Removable) (Total:3.79 GB) (Free:2.85 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 054C884D)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
|
|
08.02.2014, 15:04
| #4 |
| /// the machine /// TB-Ausbilder | Link geklickt - bin ich infiziert? http://civg.org/mynews.php Sieht gut aus, Probleme mit dem Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.02.2014, 09:35
| #5 |
| | Link geklickt - bin ich infiziert? http://civg.org/mynews.php Hallo Schrauber, nicht direkt. Eingebildet habe ich mir allerdings, dass das Internet langsamer geworden ist. Bei Youtube kam es zu ruckelnden Videos. Die sonst durchgelaufen sind. Daher habe ich gestern den Rechner neu aufgesetzt. War mir einfach sicherer. Vielen Dank für Deine Hilfe. Panictiger p.s.: gewusst hätte ich ja schon gerne was genau passiert, wenn der Link ausgeführt wird. |
|
09.02.2014, 17:20
| #6 |
| /// the machine /// TB-Ausbilder | Link geklickt - bin ich infiziert? http://civg.org/mynews.php Das kann nur der Schreiberling der Seite beantworten 
__________________ --> Link geklickt - bin ich infiziert? http://civg.org/mynews.php |
|
| Themen zu Link geklickt - bin ich infiziert? http://civg.org/mynews.php |
| account, achtung, bin ich infiziert, folge, folgende, folgenden, freund, gefunde, geklickt, geknackt, infiziert, infiziert?, link, link geklickt, mail, nichts, wenig |
Linear-Darstellung
