Pests of all kinds and how to fight them: Caught TR/Dldr.Esitgun.A (Windows 7)
03.05.2014, 12:30 | #1 |
| Caught TR/Dldr.Esitgun.A

Dear forum,

how can I remove this trojan PERMANENTLY? The Avira PC Cleaner deletes it, but it comes right back. Do I have to wipe the PC?

Thanks for your help,
Jorinde |
03.05.2014, 12:43 | #2 |
/// TB trainer /// Tutorial guru | Caught TR/Dldr.Esitgun.A

My name is Jürgen and I will be helping you with your problem. Together we'll get this done...

Notes: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest route, but it is only advisable for real malware. Adware & co. we can remove very well. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Please note that all my replies must first be approved by a trainer before I am allowed to post them here. That takes a few hours longer, but it guarantees that you get competent help and vetted answers. See here... Thank you for your patience!

Step 1 (Scan with FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
03.05.2014, 14:15 | #3 |
| Caught TR/Dldr.Esitgun.A

Hello Jürgen,

thank you for your help. Here is the scan result (the thing with the # didn't work, I typed "code" by hand, hope that works too...)

Kind regards,
Jorinde

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014 Ran by ju (administrator) on JUTTA-PRIVAT on 03-05-2014 15:05:29 Running from C:\Users\ju\Downloads Microsoft Windows 8 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Settings\CmdServer\EasyLauncher.exe () C:\ProgramData\DatacardService\HWDeviceService.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe () C:\ProgramData\Samsung\Service\SamsungConfiguration.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Touch Supporter\TouchSupporter.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Mini S Note\MiniSNoteAgent.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Touch Supporter\External\InputSupporter\InputSupporter.exe () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Settings\sSettings.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel(R) Corporation) C:\Windows\System32\hsmon.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2760408 2013-10-20] (Realtek Semiconductor) HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM\...\Run: [Intel AppUp(SM) center] => C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM\...\Run: [Norton Online Backup] => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2304192 2012-08-15] (Symantec Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2234656 2013-02-18] (ELAN Microelectronics Corp.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2012-12-27] (Intel Corporation) HKLM\...\Run: [IntelHeadphoneMonitor] => C:\windows\system32\hsmon.exe [101888 2013-07-03] (Intel(R) Corporation) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.) HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.) 
HKU\.DEFAULT\...\RunOnce: [Application Restart #1] - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [353120 2012-10-11] (Microsoft Corporation) HKU\S-1-5-21-3136178970-1929047109-2096448968-1001\...\Run: [BackgroundContainer] => "C:\windows\system32\Rundll32.exe" "C:\Users\ju\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-3136178970-1929047109-2096448968-1001\...\MountPoints2: {1740425a-8b1f-11e3-b1fe-c04b5856b51f} - "D:\AutoRun.exe" HKU\S-1-5-21-3136178970-1929047109-2096448968-1001\...\MountPoints2: {a1528d37-5de8-11e3-b183-beefd1f990c1} - "D:\AutoRun.exe" HKU\S-1-5-21-3136178970-1929047109-2096448968-1001\...\MountPoints2: {a1528d84-5de8-11e3-b183-beefd1f990c1} - "D:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com URLSearchHook: HKLM - RadioTotal1 Toolbar - {422f7661-9403-4da4-b4ef-cc3e268817b5} - C:\Program Files\RadioTotal1\prxtbRadi.dll (Conduit Ltd.) URLSearchHook: HKCU - RadioTotal1 Toolbar - {422f7661-9403-4da4-b4ef-cc3e268817b5} - C:\Program Files\RadioTotal1\prxtbRadi.dll (Conduit Ltd.) 
SearchScopes: HKLM - DefaultScope {798B105B-7EB5-4F5D-AEC7-7CF3A8AFA8A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {798B105B-7EB5-4F5D-AEC7-7CF3A8AFA8A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {798B105B-7EB5-4F5D-AEC7-7CF3A8AFA8A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {798B105B-7EB5-4F5D-AEC7-7CF3A8AFA8A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {7ECFA5B2-97DA-43BC-BF57-85492474C45E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN94040880539732837&UM=2 SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKCU - {D236C34A-B256-42A3-B5D0-AA1F49282084} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=628b3433-c265-48ee-9dc7-4ebfbf0273a8&apn_sauid=F63EC2E9-0303-43C6-AE63-0960BFE90E31 BHO: RadioTotal1 Toolbar - {422f7661-9403-4da4-b4ef-cc3e268817b5} - C:\Program Files\RadioTotal1\prxtbRadi.dll (Conduit Ltd.) Toolbar: HKLM - RadioTotal1 Toolbar - {422f7661-9403-4da4-b4ef-cc3e268817b5} - C:\Program Files\RadioTotal1\prxtbRadi.dll (Conduit Ltd.) Toolbar: HKLM - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\ju\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - RadioTotal1 Toolbar - {422F7661-9403-4DA4-B4EF-CC3E268817B5} - C:\Program Files\RadioTotal1\prxtbRadi.dll (Conduit Ltd.) 
Toolbar: HKCU - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\ju\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{2C99D7DB-9025-49B0-AA29-4653A9D0C3A4}: [NameServer]10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{4AA3330B-37F3-4F7D-BA80-F353BF30D0E6}: [NameServer] Tcpip\..\Interfaces\{80B3E488-A266-48E1-9D2B-C6E097FA1572}: [NameServer]10.74.210.210,10.74.210.211 FireFox: ======== FF ProfilePath: C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default FF user.js: detected! => C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\user.js FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: hxxp://www.tagesschau.de/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: vis - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-01-04] FF Extension: loadtbs - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\software@loadtubes.com [2014-05-01] FF Extension: AddThis - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-03-23] FF Extension: RadioTotal1 - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5} [2014-04-02] FF Extension: Ghostery - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\firefox@ghostery.com.xpi [2014-04-23] FF Extension: Bluhell Firewall - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-03-29] FF Extension: Web Developer - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-12-07] FF Extension: Ecosia - The search engine that plants trees - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013-11-04] FF Extension: Adblock Plus - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-03] FF Extension: Adblock Edge - 
C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-04-12] Chrome: ======= CHR Extension: (RadioTotal1) - C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfigonhgidedenkkhlilmefgodjpefna [2014-01-04] CHR Extension: (Google Wallet) - C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR HKLM\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\ju\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2013-12-29] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\ju\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2013-12-29] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.) R2 DptfParticipantDisplayService; C:\windows\system32\DptfParticipantDisplayService.exe [103424 2012-12-27] (Intel Corporation) R2 DptfParticipantProcessorService; C:\windows\system32\DptfParticipantProcessorService.exe [75776 2012-12-27] (Intel Corporation) R2 DptfPolicyCriticalService; C:\windows\system32\DptfPolicyCriticalService.exe [68608 2012-12-27] (Intel Corporation) S2 DptfPolicyLpmService; C:\windows\system32\DptfPolicyLpmService.exe [81920 2012-12-27] (Intel Corporation) R2 Easy Launcher; C:\Program Files\Samsung\Settings\CmdServer\EasyLauncher.exe [1594568 2013-01-03] (Samsung Electronics CO., LTD.) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 Internet Manager. 
RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] () R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2952896 2012-08-15] (Symantec Corporation) R2 SamsungConfigurationWinService; C:\Programdata\Samsung\Service\SamsungConfiguration.exe [32256 2013-03-14] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [6054816 2012-09-20] (Wacom Technology, Corp.) R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-10-25] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\windows\system32\DRIVERS\ax88772.sys [91136 2012-07-07] (ASIX Electronics Corp.) 
R1 BasicRender; C:\windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation) R3 BCMSDH43XX; C:\windows\system32\DRIVERS\bcmdhd63.sys [833816 2012-10-02] (Broadcom) S3 BthLEEnum; C:\windows\system32\DRIVERS\BthLEEnum.sys [165376 2012-07-26] (Microsoft Corporation) S3 BthMini; C:\windows\System32\Drivers\BTHMINI.sys [23552 2013-01-09] (Microsoft Corporation) S3 btwampfl; C:\windows\system32\drivers\btwampfl.sys [140152 2012-10-16] (Broadcom Corporation.) R3 BtwSerialBus; C:\windows\System32\drivers\BtwSerialBus.sys [114456 2012-12-14] (Broadcom Corporation.) R3 camera; C:\windows\system32\DRIVERS\camera.sys [201728 2012-12-27] (Intel Corporation) R1 ccSet_NARA; C:\windows\system32\drivers\NARA\0401000.00E\ccSetx86.sys [134304 2012-05-26] (Symantec Corporation) R0 ChaabiDriver; C:\windows\System32\drivers\ChaabiDriver.sys [72280 2012-12-27] (Intel Corporation) R0 clvpep; C:\windows\System32\drivers\clvpep.sys [81648 2012-11-02] (Intel Corporation) R3 DptfDevDisplay; C:\windows\system32\DRIVERS\DptfDevDisplay.sys [35840 2012-12-27] (Intel Corporation) R3 DptfDevGen; C:\windows\system32\DRIVERS\DptfDevGen.sys [41472 2012-12-27] (Intel Corporation) R3 DptfDevProc; C:\windows\system32\DRIVERS\DptfDevProc.sys [60928 2012-12-27] (Intel Corporation) R3 DptfManager; C:\windows\system32\DRIVERS\DptfManager.sys [155136 2012-12-27] (Intel Corporation) R3 ETD; C:\windows\system32\DRIVERS\ETD.sys [120608 2013-03-06] (ELAN Microelectronics Corp.) R3 GPIOCLV; C:\windows\System32\drivers\GPIOCLV.sys [22016 2012-11-02] (Intel Corporation) S3 hidkmdf; C:\windows\System32\drivers\hidkmdf.sys [11680 2012-09-18] (Windows (R) Win 7 DDK provider) S3 huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\windows\System32\drivers\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.) 
S3 huawei_wwanecm; C:\windows\system32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.) R3 igdperf32; C:\windows\system32\DRIVERS\igdperf32.sys [4096 2013-11-20] () R0 inteli2c; C:\windows\System32\drivers\inteli2c.sys [48880 2012-12-27] (Intel Corporation) R3 IntelSST; C:\windows\system32\drivers\isstrtc.sys [241152 2013-07-03] (Intel(R) Corporation) R0 Lm3554; C:\windows\System32\drivers\lm3554.sys [34304 2012-12-27] (Intel Corporation) R0 LNWIPC; C:\windows\System32\drivers\LNWIPC.sys [25840 2012-11-02] (Intel Corporation) R0 MBI; C:\windows\System32\drivers\MBI.sys [16112 2012-11-02] (Intel Corporation) R3 MSICReg; C:\windows\System32\drivers\MSICReg.sys [17408 2012-11-02] (Intel Corporation) R3 mxtBootBridge; C:\windows\System32\drivers\mxtBootBridge.sys [25088 2012-09-11] (Windows (R) Win 7 DDK provider) R3 ov2720; C:\windows\System32\drivers\ov2720.sys [43520 2012-12-27] (Intel Corporation) R3 ov8830; C:\windows\system32\DRIVERS\ov8830.sys [61440 2012-12-27] (Intel Corporation) R3 PSI; C:\windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) R3 rtii2sac; C:\windows\system32\DRIVERS\rtii2sac.sys [142552 2013-10-20] (Realtek Semiconductor Corp.) 
R3 SensorsHIDClassDriver; C:\windows\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) R3 SensorsServiceDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) R3 spi; C:\windows\System32\drivers\spi.sys [46592 2012-11-02] (Intel Corporation) S1 ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-15] (Avira GmbH) S3 TVICHW32; C:\windows\system32\DRIVERS\TVICHW32.SYS [29536 2013-08-03] (EnTech Taiwan) R3 Uart16550pc; C:\windows\System32\drivers\Uart16550pc.sys [40960 2012-11-02] (Intel Corporation) R3 WacHidRouter; C:\windows\System32\drivers\wachidrouter.sys [75064 2013-07-26] (Wacom Technology) R3 wacomrouterfilter; C:\windows\System32\drivers\wacomrouterfilter.sys [13728 2012-09-18] (Wacom Technology) R3 wmbclass; C:\windows\System32\drivers\wmbclass.sys [191488 2013-04-06] (Microsoft Corporation) S3 BcmGnssBus; \SystemRoot\System32\drivers\BcmGnssBus.sys [X] S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-03 15:05 - 2014-05-03 15:05 - 00021355 _____ () C:\Users\ju\Downloads\FRST.txt 2014-05-03 15:05 - 2014-05-03 15:05 - 00000000 ____D () C:\FRST 2014-05-03 15:00 - 2014-05-03 15:02 - 01050624 _____ (Farbar) C:\Users\ju\Downloads\FRST.exe 2014-05-03 12:30 - 2014-05-03 12:30 - 00008192 _____ () C:\windows\system32\WDPABKP.dat 2014-05-02 16:27 - 2014-05-02 16:27 - 00283376 _____ (Mozilla) C:\Users\ju\Downloads\Firefox Setup Stub 29.0.exe 2014-05-02 11:48 - 2014-05-02 17:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-01 12:39 - 2014-05-01 16:38 - 00000000 ____D () C:\Users\ju\AppData\Roaming\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00002717 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ___RD () C:\Program Files\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () 
C:\Users\ju\AppData\Local\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-01 12:32 - 2014-05-01 12:34 - 34827424 _____ (Skype Technologies S.A.) C:\Users\ju\Downloads\SkypeSetupFull6.14.73.104.exe 2014-05-01 12:27 - 2014-05-01 12:30 - 00000000 ____D () C:\Users\ju\AppData\Roaming\loadtbs 2014-05-01 12:27 - 2014-05-01 12:27 - 00000000 ____D () C:\Users\ju\AppData\Roaming\convert 2014-05-01 00:44 - 2014-05-01 12:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-30 03:00 - 2014-04-23 01:47 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-04-30 03:00 - 2014-04-23 01:47 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-16 23:30 - 2014-04-16 23:30 - 00002017 _____ () C:\Users\Public\Desktop\Support Center.lnk 2014-04-13 19:45 - 2014-04-13 19:45 - 00001798 _____ () C:\Users\ju\Documents\DeliVerfall0.odb 2014-04-13 18:54 - 2014-04-13 18:55 - 02278856 _____ () C:\Users\ju\Downloads\avira_pc_cleaner_de.exe 2014-04-11 07:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-04-11 07:50 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-11 07:50 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-11 07:50 - 2014-03-07 02:48 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-11 07:50 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) 
C:\windows\system32\iertutil.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-11 07:50 - 2014-02-06 01:37 - 01011712 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-04-11 07:50 - 2014-02-06 01:37 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-04-11 07:50 - 2014-02-03 22:41 - 00303448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-11 07:50 - 2014-02-03 22:41 - 00238424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-11 07:50 - 2014-01-31 03:33 - 00200384 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-04-11 07:50 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-04-11 07:50 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll 2014-04-11 07:50 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll 2014-04-11 07:50 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-11 07:50 - 2014-01-27 03:37 - 01799512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-04-11 07:50 - 2014-01-27 03:09 - 01618264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-11 07:50 - 2014-01-27 01:16 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml 2014-04-11 07:50 - 2014-01-16 01:42 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2014-04-11 07:50 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-04-11 07:50 - 
2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2014-04-11 07:50 - 2013-10-25 06:45 - 00661504 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2014-04-11 07:50 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2014-04-11 07:50 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-11 07:50 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2014-04-11 07:50 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-11 07:50 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-11 07:50 - 2012-11-08 06:24 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-11 07:49 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-07 23:28 - 2014-04-07 23:28 - 00008709 _____ () C:\Users\ju\Documents\bsi.odt 2014-04-06 15:26 - 2014-04-06 15:26 - 00000000 ____D () C:\Users\ju\AppData\Roaming\S Note ==================== One Month Modified Files and Folders ======= 2014-05-03 15:05 - 2014-05-03 15:05 - 00021355 _____ () C:\Users\ju\Downloads\FRST.txt 2014-05-03 15:05 - 2014-05-03 15:05 - 00000000 ____D () C:\FRST 2014-05-03 15:03 - 2013-03-23 01:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-03 15:02 - 2014-05-03 15:00 - 01050624 _____ (Farbar) C:\Users\ju\Downloads\FRST.exe 2014-05-03 15:01 - 2013-03-15 10:24 - 00001116 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-03 15:01 - 2013-03-15 10:24 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-03 14:19 - 2012-12-14 08:09 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2014-05-03 14:00 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\system32\sru 2014-05-03 13:24 - 2012-07-26 08:53 - 
00000000 ____D () C:\windows\Microsoft.NET 2014-05-03 12:37 - 2012-07-26 07:17 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-03 12:30 - 2014-05-03 12:30 - 00008192 _____ () C:\windows\system32\WDPABKP.dat 2014-05-03 12:30 - 2012-07-26 08:04 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-03 12:29 - 2013-03-16 13:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-03 12:29 - 2012-07-26 07:10 - 00687832 _____ () C:\windows\PFRO.log 2014-05-03 01:42 - 2012-07-26 06:17 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-05-02 17:26 - 2014-05-02 11:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-02 17:26 - 2013-03-16 13:45 - 00001098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-02 17:26 - 2013-03-16 13:45 - 00001086 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-02 16:27 - 2014-05-02 16:27 - 00283376 _____ (Mozilla) C:\Users\ju\Downloads\Firefox Setup Stub 29.0.exe 2014-05-02 15:10 - 2014-02-26 00:34 - 00002038 _____ () C:\Users\ju\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-05-02 15:10 - 2014-02-15 19:18 - 00001978 _____ () C:\Users\ju\Desktop\Avira PC Cleaner.lnk 2014-05-02 10:16 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\system32\NDF 2014-05-02 00:14 - 2013-03-14 21:13 - 02078881 _____ () C:\windows\WindowsUpdate.log 2014-05-01 16:38 - 2014-05-01 12:39 - 00000000 ____D () C:\Users\ju\AppData\Roaming\Skype 2014-05-01 13:41 - 2013-03-15 12:32 - 00000000 ____D () C:\Users\ju\Documents\Privat 2014-05-01 12:39 - 2014-05-01 12:39 - 00002717 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ___RD () C:\Program Files\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\Users\ju\AppData\Local\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-01 12:34 - 2014-05-01 12:32 - 34827424 _____ (Skype Technologies S.A.) C:\Users\ju\Downloads\SkypeSetupFull6.14.73.104.exe 2014-05-01 12:30 - 2014-05-01 12:27 - 00000000 ____D () C:\Users\ju\AppData\Roaming\loadtbs 2014-05-01 12:27 - 2014-05-01 12:27 - 00000000 ____D () C:\Users\ju\AppData\Roaming\convert 2014-05-01 12:18 - 2014-05-01 00:44 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-29 22:27 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\AUInstallAgent 2014-04-29 20:16 - 2013-03-15 10:25 - 00002094 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-25 19:31 - 2013-03-15 09:47 - 00000000 ____D () C:\Users\ju\AppData\Local\CrashDumps 2014-04-23 01:47 - 2014-04-30 03:00 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-04-23 01:47 - 2014-04-30 03:00 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-19 20:41 - 2013-11-16 11:19 - 00000000 ____D () C:\Users\ju\Documents\BUND 2014-04-16 23:30 - 2014-04-16 23:30 - 00002017 _____ () C:\Users\Public\Desktop\Support Center.lnk 2014-04-16 23:30 - 2012-12-14 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-04-14 19:06 - 2013-03-15 12:33 - 00000000 ____D () C:\Users\ju\AppData\Local\Adobe 2014-04-13 19:51 - 2013-03-15 12:31 - 00000000 ____D () C:\Users\ju\Documents\Gruene 2014-04-13 19:45 - 2014-04-13 19:45 - 00001798 _____ () C:\Users\ju\Documents\DeliVerfall0.odb 2014-04-13 18:55 - 2014-04-13 18:54 - 02278856 _____ () C:\Users\ju\Downloads\avira_pc_cleaner_de.exe 2014-04-11 12:19 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\rescache 2014-04-11 08:02 - 2012-07-26 08:53 - 00000000 ___RD () C:\windows\ToastData 2014-04-11 08:02 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\WinStore 2014-04-11 07:57 - 2013-07-21 21:21 - 00000000 ____D () 
C:\windows\system32\MRT 2014-04-11 07:53 - 2013-03-14 22:51 - 88028728 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-04-07 23:28 - 2014-04-07 23:28 - 00008709 _____ () C:\Users\ju\Documents\bsi.odt 2014-04-06 15:26 - 2014-04-06 15:26 - 00000000 ____D () C:\Users\ju\AppData\Roaming\S Note 2014-04-04 02:12 - 2013-04-21 23:29 - 00011759 _____ () C:\Users\ju\Documents\Unbenannt 1.odt Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe Some content of TEMP: ==================== C:\Users\ju\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => MD5 is legit C:\windows\system32\winlogon.exe => MD5 is legit C:\windows\system32\wininit.exe => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit C:\windows\system32\services.exe => MD5 is legit C:\windows\system32\User32.dll => MD5 is legit C:\windows\system32\userinit.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit C:\windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-27 13:59 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014 Ran by ju at 2014-05-03 15:06:39 Running from C:\Users\ju\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-PDF Maker Version 1.4.1 (Build 128) (HKLM\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.4.1 (Build 128) - 7-PDF, Germany - 
Thorsten Hodes) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation) CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Easy File Share (HKLM\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.) E-POP (HKLM\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) ETDWare USB-X86 11.7.0.426_WHQL (HKLM\...\Elantech) (Version: 11.7.0.426 - ELAN Microelectronic Corp.) Fotogalerie (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.) Intel AppUp(SM) center (HKLM\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.14.3.1099 - Intel Corporation) Internet Manager (HKLM\...\Internet Manager) (Version: 22.001.18.68.55 - Huawei Technologies Co.,Ltd) ISD Tablet (HKLM\...\ISD Tablet Driver) (Version: 7.1.0-5 - Wacom Technology Corp.) 
LibreOffice 4.0 Help Pack (German) (HKLM\...\{FE231FC3-A6F1-45D4-AE1B-C591610EBC32}) (Version: 4.0.5.2 - The Document Foundation) LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation) loadtbs-3.0 (HKLM\...\loadtbs-3.0) (Version: - ) Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mini S Note (HKLM\...\{D3D81CA0-B970-43A0-ACD0-DC7A36B85910}) (Version: 1.0.28.1 - Samsung Electronics CO. 
LTD) Movie Maker (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 29.0 (x86 de) (HKLM\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation) Norton Online Backup ARA (Version: 4.1.0.14 - Symantec Corporation) Hidden PDF Writer for Windows 8 (HKLM\...\PDF Writer for Windows 8_is1) (Version: - Wondersoft) PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Photo Common (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden PicPick (HKLM\...\PicPick) (Version: 3.2.4 - NTeWORKS) Raccolta foto (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden RadioTotal1 Toolbar for IE (HKLM\...\IECT3317892) (Version: 6.17.2.8 - RadioTotal1) Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.3082 - Realtek Semiconductor Corp.) S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia) Settings (HKLM\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.) Support Center FAQ (Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.) 
Touch Supporter (HKLM\...\{F33066D2-6BDA-4F95-85BD-7E8CB6F64FAB}_is1) (Version: 2.0.0.35 - Samsung Electronics CO., LTD.) User Guide (HKLM\...\{ED584F38-A39D-4FBF-ADC0-CE2C343CAF21}) (Version: 2.4.00 - Samsung Electronics CO., LTD.) VIS (HKLM\...\VIS) (Version: - ) <==== ATTENTION WD Drive Utilities (HKLM\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.) WD Quick View (HKLM\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD Security (HKLM\...\{8A7B24E8-864E-4794-95C4-17644D0991AA}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{FDAEE697-A659-43C5-9520-6DA298EF021E}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3600 - Broadcom Corporation) Windows Driver Package - Broadcom (bcmfn2) System (08/30/2012 20.43.14.119) (HKLM\...\8ACEFA31AC73553F5EEFA5785AD8D4D0E850401F) (Version: 08/30/2012 20.43.14.119 - Broadcom) Windows Driver Package - Broadcom (BCMSDH43XX) Net (09/28/2012 5.93.97.76) (HKLM\...\D5631A91EBAF24FAF75D27148329D007EA6B8580) (Version: 09/28/2012 5.93.97.76 - Broadcom) Windows Driver Package - Broadcom (BtwSerialBus) System (10/03/2012 12.0.0.2920) (HKLM\...\B21CF2229A6456E95E3A51F820F8DF8F6440233D) (Version: 10/03/2012 12.0.0.2920 - Broadcom) Windows Driver Package - Nuvoton Technology Corporation (WUDFRd) System (09/20/2012 8.1.111.5005) (HKLM\...\A8639B06FC592D11B23C8B90C30A55A1B8234A1F) (Version: 09/20/2012 8.1.111.5005 - Nuvoton Technology Corporation) Windows Live (HKLM\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 16.4.3503.0728 - Microsoft 
Corporation) Hidden Windows Live Essentials (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Xerox PhotoCafe (HKLM\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox) ==================== Restore Points ========================= 27-04-2014 11:59:20 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {04D355F6-EB31-4707-A7F6-5C5BC6BF371C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated) Task: {1AC2CFF0-8D74-45F0-89E8-12A5C4AA01D9} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] () Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {25B122B9-9B8E-4FF2-8FDA-8029BCBBCC11} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {280F05D8-45FD-406B-8D5F-7DD164683B49} - System32\Tasks\Western Digital\SmartWare\____Volume_2fc6c1c1_1c9a_4d65_83f6_1de959507ffd______Volume_1ee9d372_7f9a_11e3_b1dd_9584b1b6527c__ => C:\Program 
Files\Western Digital\WD SmartWare\BackupTask.exe [2013-11-02] (Western Digital Technologies, Inc.) Task: {288FD4FC-A76D-43D6-A7B1-1DB2B7625011} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.) Task: {37D7B9A3-6FA4-47F7-96D0-B977506B1B00} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {4CBD6812-B82E-4761-A152-C1B289BA46DE} - System32\Tasks\TouchSupporter => C:\Program Files\Samsung\Touch Supporter\TouchSupporter.exe [2012-11-14] (Samsung Electronics CO., LTD.) Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {6DE1E207-66D2-4D8C-8469-74A88864C322} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.) Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {A9B34D8E-4202-433A-86A4-17E625D16684} - System32\Tasks\Settings => C:\Program Files\Samsung\Settings\sSettings.exe [2013-01-03] (Samsung Electronics CO., LTD.) Task: {B5D5AAB8-DD75-4E81-845F-3FB77681C8C5} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\ju\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION Task: {CBAAAF6B-1F2D-4CC9-8DCE-70A29192A0C9} - System32\Tasks\InputSupporter => C:\Program Files\Samsung\Touch Supporter\External\InputSupporter\InputSupporter.exe [2012-11-14] (Samsung Electronics CO., LTD.) 
Task: {CD4CED2F-9A2C-4B71-83BA-AF8A6BF13407} - System32\Tasks\SNoteAgent => C:\Program Files\Samsung\Mini S Note\MiniSNoteAgent.exe [2012-11-13] (Samsung Electronics CO., LTD.) Task: {E222FC0A-2A9C-4F75-9113-2C5D05150523} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.) Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-03 23:08 - 2013-01-03 23:08 - 00211064 _____ () C:\Program Files\Samsung\Settings\CmdServer\WinCRT.dll 2013-03-15 10:36 - 2013-03-15 10:35 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2012-10-21 13:41 - 2012-10-21 13:41 - 00042872 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2014-05-03 12:30 - 2011-06-17 13:04 - 00224096 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2013-12-05 22:13 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2013-12-05 22:13 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2013-12-05 22:13 - 2010-05-05 10:47 - 02415104 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2013-12-05 22:13 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Internet 
Manager\OnlineUpdate\QtNetwork4.dll 2013-09-23 23:18 - 2013-03-14 11:59 - 00032256 _____ () C:\Programdata\Samsung\Service\SamsungConfiguration.exe 2012-12-14 07:03 - 2012-09-20 04:02 - 00963488 _____ () C:\Program Files\Tablet\ISD\libxml2.dll 2013-01-03 23:08 - 2013-01-03 23:08 - 00085192 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2013-01-03 23:08 - 2013-01-03 23:08 - 00029384 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2013-01-03 23:09 - 2013-01-03 23:09 - 01080520 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2013-01-03 23:08 - 2013-01-03 23:08 - 00111304 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsBase.dll 2013-01-03 23:08 - 2013-01-03 23:08 - 00056440 _____ () C:\Program Files\Samsung\Settings\CmdServer\HookDllPS2.dll 2014-01-04 13:05 - 2010-04-26 20:03 - 00200192 _____ () C:\Program Files\7-PDF\7-PDF Maker\7p.dll 2013-01-03 23:08 - 2013-01-03 23:08 - 00027336 _____ () C:\Program Files\Samsung\Settings\EasySettingsAPI.dll 2013-01-03 23:09 - 2013-01-03 23:09 - 00111304 _____ () C:\Program Files\Samsung\Settings\EasySettingsBase.dll 2013-01-03 23:08 - 2013-01-03 23:08 - 00061128 _____ () C:\Program Files\Samsung\Settings\EasyMovieEnhancer.dll 2013-01-03 23:08 - 2013-01-03 23:08 - 00103624 _____ () C:\Program Files\Samsung\Settings\EasySettingsCmdClient.dll 2014-03-19 11:39 - 2014-03-19 11:39 - 00081456 _____ () C:\Program Files\Samsung\S Agent\ToastDLL.dll 2014-05-01 00:44 - 2014-05-01 00:44 - 03019888 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2014-05-01 00:44 - 2014-05-01 00:44 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2014-05-01 00:44 - 2014-05-01 00:44 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-05-02 17:26 - 2014-04-22 11:25 - 03845232 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= 
==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gpioclv.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\inteli2c.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lnwipc.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/03/2014 01:36:13 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/03/2014 01:36:13 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (05/03/2014 01:36:13 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/03/2014 01:27:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/03/2014 01:27:28 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/03/2014 01:27:28 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/03/2014 00:30:17 PM) (Source: Perflib) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (05/01/2014 00:17:09 PM) (Source: Perflib) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (04/29/2014 09:51:47 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/29/2014 09:51:47 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (05/03/2014 00:30:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/03/2014 00:30:14 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. 
Error: (05/02/2014 10:14:33 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/02/2014 10:14:33 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (05/01/2014 09:42:00 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/01/2014 09:42:00 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (05/01/2014 04:14:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/01/2014 04:14:55 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (05/01/2014 00:17:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/01/2014 00:17:06 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. 
Microsoft Office Sessions: ========================= Error: (05/03/2014 01:36:13 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\ExpressCacheRun64.exe Error: (05/03/2014 01:36:13 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\VendorAPIRun64.exe Error: (05/03/2014 01:36:13 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\Touchpad\x64\SetTouchpadControl64.exe Error: (05/03/2014 01:27:33 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\ExpressCacheRun64.exe Error: (05/03/2014 01:27:28 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\VendorAPIRun64.exe Error: (05/03/2014 01:27:28 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\Touchpad\x64\SetTouchpadControl64.exe Error: (05/03/2014 00:30:17 PM) (Source: Perflib)(User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (05/01/2014 00:17:09 PM) (Source: Perflib)(User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: 
(04/29/2014 09:51:47 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\ExpressCacheRun64.exe Error: (04/29/2014 09:51:47 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\VendorAPIRun64.exe CodeIntegrity Errors: =================================== Date: 2014-05-03 12:29:55.173 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-02 10:14:14.658 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-01 21:41:43.580 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-01 16:14:37.548 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-01 12:16:48.955 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-29 19:26:15.439 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-28 22:06:21.814 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-28 18:06:56.548 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 19:48:08.408 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 12:36:59.361 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 1962.46 MB Available physical RAM: 944.4 MB Total Pagefile: 2666.46 MB Available Pagefile: 1270.83 MB Total Virtual: 2047.88 MB Available Virtual: 1840.65 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:51.44 GB) (Free:18.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 58 GB) (Disk ID: 0AEBCAD5) Partition: GPT Partition Type. ==================== End Of Log ============================[/CODE] |
03.05.2014, 14:19 | #4 |
/// TB Trainer /// Guide Guru | Caught TR/Dldr.Esitgun.A That's OK. Could you also post the log or a screenshot from Avira showing the detection?
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
04.05.2014, 08:53 | #5 |
/// TB Trainer /// Tutorial Guru | Caught TR/Dldr.Esitgun.A Hi, if you could also tell me where or in what APC finds it, that would be helpful.... In any case, this is how we continue:
Step 1 Please uninstall the following programs: RadioTotal1 Toolbar for IE VIS
On Windows 7, first try it via Control Panel/Uninstall programs or, on Windows 8, with the Windows key + X via
If that does not work, please download Revo Uninstaller here, unpack the zip file to the desktop and start Revouninstaller.exe. Click on Options and choose German as the language. Then search the uninstaller field for the programs listed above and select them one at a time. Click Uninstall each time. Afterwards, select the "Moderat" mode. If you cannot find a program or cannot uninstall it, please continue with the next step:
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Please start FRST again, also tick the box next to Addition.txt and press Scan.
04.05.2014, 11:57 | #6 |
| Caught TR/Dldr.Esitgun.A Hello Jürgen, I'm in the process of carrying out the steps - many thanks already for your help!! Best regards, Jorinde |
04.05.2014, 12:03 | #7 |
/// TB Trainer /// Tutorial Guru | Caught TR/Dldr.Esitgun.A Ok... Where does the Avira PC Cleaner find the malware?
04.05.2014, 12:20 | #8 |
| Caught TR/Dldr.Esitgun.A Hello, I have NOT deleted anything yet, because it seemed odd to me that so many keys are supposed to be removed? Here is the log: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.205 - Bericht erstellt am 04/05/2014 um 12:57:20 # Aktualisiert 28/04/2014 von Xplode # Betriebssystem : Windows 8 (32 bits) # Benutzername : ju - JUTTA-PRIVAT # Gestartet von : C:\Users\ju\Desktop\adwcleaner-3.205.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\END Datei Gefunden : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\user.js Datei Gefunden : C:\windows\System32\Tasks\BackgroundContainer Startup Task Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Users\ju\AppData\Local\Conduit Ordner Gefunden : C:\Users\ju\AppData\Local\DownloadGuide Ordner Gefunden : C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfigonhgidedenkkhlilmefgodjpefna Ordner Gefunden : C:\Users\ju\AppData\Local\NativeMessaging Ordner Gefunden : C:\Users\ju\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\ju\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\ju\AppData\Roaming\loadtbs Ordner Gefunden : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\CT3317892 Ordner Gefunden : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5} Ordner Gefunden : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\software@loadtubes.com Ordner Gefunden : C:\Users\ju\AppData\Roaming\OpenCandy ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\cfigonhgidedenkkhlilmefgodjpefna Schlüssel Gefunden : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gefunden : HKCU\Software\SecuredDownload Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3317892 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cfigonhgidedenkkhlilmefgodjpefna Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5D5AAB8-DD75-4E81-845F-3FB77681C8C5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D5AAB8-DD75-4E81-845F-3FB77681C8C5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D5AAB8-DD75-4E81-845F-3FB77681C8C5} Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16537 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE -\\ Mozilla Firefox v29.0 (de) [ Datei : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\prefs.js ] Zeile gefunden : user_pref("CT3317892.FF19Solved", "true"); Zeile gefunden : 
user_pref("CT3317892.UserID", "UN13041814253217964"); Zeile gefunden : user_pref("CT3317892.fullUserID", "UN13041814253217964.IN.20140104115817"); Zeile gefunden : user_pref("CT3317892.installDate", "04/01/2014 11:58:25"); Zeile gefunden : user_pref("CT3317892.installSessionId", "{A79150C3-41F3-4075-80DC-931DCFBFF9A7}"); Zeile gefunden : user_pref("CT3317892.installSp", "false"); Zeile gefunden : user_pref("CT3317892.installerVersion", "1.8.1.4"); Zeile gefunden : user_pref("CT3317892.searchRevert", "false"); Zeile gefunden : user_pref("CT3317892.searchUninstallUserMode", "2"); Zeile gefunden : user_pref("CT3317892.searchUserMode", "2"); Zeile gefunden : user_pref("CT3317892.toolbarInstallDate", "04-01-2014 11:58:18"); Zeile gefunden : user_pref("CT3317892.versionFromInstaller", "10.23.0.722"); Zeile gefunden : user_pref("CT3317892.xpeMode", "0"); Zeile gefunden : user_pref("smartbar.machineId", "6MAFVF4BF5PP8CV7JBN8VATMCEL9PPFFY13VZKAQEADHPG65IWB0BZ9NXRJBBN7GHKPANEI0OI9SHKIDKM+C0W"); -\\ Google Chrome v34.0.1847.131 [ Datei : C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=628b3433-c265-48ee-9dc7-4ebfbf0273a8&apn_ptnrs=%5EAGS&apn_sauid=F63EC2E9-0303-43C6-AE63-0960BFE90E31&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} Gefunden [Search Provider] : 
hxxp://www.gruene.de/suche.html?tx_rsmsemanticsearch_pi1%5B__referrer%5D%5BextensionName%5D=RsmSemanticSearch&tx_rsmsemanticsearch_pi1%5B__referrer%5D%5BcontrollerName%5D=Search&tx_rsmsemanticsearch_pi1%5B__referrer%5D%5BactionName%5D=index&tx_rsmsemanticsearch_pi1%5B__hmac%5D=a%3A4%3A%7Bs%3A11%3A%22searchQuery%22%3Ba%3A3%3A%7Bs%3A7%3A%22orderby%22%3Bi%3A1%3Bs%3A4%3A%22date%22%3Bi%3A1%3Bs%3A11%3A%22queryString%22%3Bi%3A1%3B%7Ds%3A6%3A%22submit%22%3Bi%3A1%3Bs%3A6%3A%22action%22%3Bi%3A1%3Bs%3A10%3A%22controller%22%3Bi%3A1%3B%7D1a0220dcba72263ac887faa5a3401b6e1bbd75ad&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Borderby%5D=relevance&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bdate%5D=*&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bsearchsource%5D%5B%5D=gruene.de&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bsearchsource%5D%5B%5D=gruene-bundestag.de&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bsearchsource%5D%5B%5D=boell.de&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5BqueryString%5D={searchTerms} Gefunden [Extension] : cfigonhgidedenkkhlilmefgodjpefna ************************* AdwCleaner[R0].txt - [6545 octets] - [04/05/2014 12:57:20] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6605 octets] ##########
Is all of that really supposed to go?! Best regards, Jorinde
Oh, and the AVIRA PC Cleaner unfortunately does not provide log files but only briefly reports that the malware is in the Thunderbird Inbox, Inbox-27 and Trash. Logically, I can't find anything there in Explorer. Otherwise they wouldn't be Trojans. Best regards, Jorinde |
04.05.2014, 12:20 | #9 | |
/// TB Trainer /// Tutorial Guru | Caught TR/Dldr.Esitgun.A Quote:
So the detection is in an email... OK, that's enough for me...
04.05.2014, 18:24 | #10 |
| Caught TR/Dldr.Esitgun.A Hello, here is the txt from AdwCleaner for now. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.205 - Bericht erstellt am 04/05/2014 um 13:20:42 # Aktualisiert 28/04/2014 von Xplode # Betriebssystem : Windows 8 (32 bits) # Benutzername : ju - JUTTA-PRIVAT # Gestartet von : C:\Users\ju\Desktop\adwcleaner-3.205.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Users\ju\AppData\Local\Conduit Ordner Gelöscht : C:\Users\ju\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\ju\AppData\Local\NativeMessaging Ordner Gelöscht : C:\Users\ju\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\ju\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\ju\AppData\Roaming\loadtbs Ordner Gelöscht : C:\Users\ju\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\CT3317892 Ordner Gelöscht : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\software@loadtubes.com Ordner Gelöscht : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5} Ordner Gelöscht : C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfigonhgidedenkkhlilmefgodjpefna Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\user.js Datei Gelöscht : C:\windows\System32\Tasks\BackgroundContainer Startup Task ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cfigonhgidedenkkhlilmefgodjpefna Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cfigonhgidedenkkhlilmefgodjpefna [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5D5AAB8-DD75-4E81-845F-3FB77681C8C5} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D5AAB8-DD75-4E81-845F-3FB77681C8C5} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Toolbar.CT3317892 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\SecuredDownload Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16537 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v29.0 (de) [ Datei : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\prefs.js ] Zeile gelöscht : user_pref("CT3317892.FF19Solved", "true"); Zeile gelöscht : user_pref("CT3317892.UserID", "UN13041814253217964"); Zeile gelöscht : user_pref("CT3317892.fullUserID", "UN13041814253217964.IN.20140104115817"); Zeile gelöscht : user_pref("CT3317892.installDate", "04/01/2014 
11:58:25"); Zeile gelöscht : user_pref("CT3317892.installSessionId", "{A79150C3-41F3-4075-80DC-931DCFBFF9A7}"); Zeile gelöscht : user_pref("CT3317892.installSp", "false"); Zeile gelöscht : user_pref("CT3317892.installerVersion", "1.8.1.4"); Zeile gelöscht : user_pref("CT3317892.searchRevert", "false"); Zeile gelöscht : user_pref("CT3317892.searchUninstallUserMode", "2"); Zeile gelöscht : user_pref("CT3317892.searchUserMode", "2"); Zeile gelöscht : user_pref("CT3317892.toolbarInstallDate", "04-01-2014 11:58:18"); Zeile gelöscht : user_pref("CT3317892.versionFromInstaller", "10.23.0.722"); Zeile gelöscht : user_pref("CT3317892.xpeMode", "0"); Zeile gelöscht : user_pref("smartbar.machineId", "6MAFVF4BF5PP8CV7JBN8VATMCEL9PPFFY13VZKAQEADHPG65IWB0BZ9NXRJBBN7GHKPANEI0OI9SHKIDKM+C0W"); -\\ Google Chrome v34.0.1847.131 [ Datei : C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=628b3433-c265-48ee-9dc7-4ebfbf0273a8&apn_ptnrs=%5EAGS&apn_sauid=F63EC2E9-0303-43C6-AE63-0960BFE90E31&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} Gelöscht [Search Provider] : 
hxxp://www.gruene.de/suche.html?tx_rsmsemanticsearch_pi1%5B__referrer%5D%5BextensionName%5D=RsmSemanticSearch&tx_rsmsemanticsearch_pi1%5B__referrer%5D%5BcontrollerName%5D=Search&tx_rsmsemanticsearch_pi1%5B__referrer%5D%5BactionName%5D=index&tx_rsmsemanticsearch_pi1%5B__hmac%5D=a%3A4%3A%7Bs%3A11%3A%22searchQuery%22%3Ba%3A3%3A%7Bs%3A7%3A%22orderby%22%3Bi%3A1%3Bs%3A4%3A%22date%22%3Bi%3A1%3Bs%3A11%3A%22queryString%22%3Bi%3A1%3B%7Ds%3A6%3A%22submit%22%3Bi%3A1%3Bs%3A6%3A%22action%22%3Bi%3A1%3Bs%3A10%3A%22controller%22%3Bi%3A1%3B%7D1a0220dcba72263ac887faa5a3401b6e1bbd75ad&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Borderby%5D=relevance&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bdate%5D=*&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bsearchsource%5D%5B%5D=gruene.de&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bsearchsource%5D%5B%5D=gruene-bundestag.de&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5Bsearchsource%5D%5B%5D=boell.de&tx_rsmsemanticsearch_pi1%5BsearchQuery%5D%5BqueryString%5D={searchTerms} Gelöscht [Extension] : cfigonhgidedenkkhlilmefgodjpefna ************************* AdwCleaner[R0].txt - [6685 octets] - [04/05/2014 12:58:33] AdwCleaner[S0].txt - [6417 octets] - [04/05/2014 13:20:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6477 octets] ##########
I'll do the other one right away, curious... thanks, Jorinde |
04.05.2014, 18:43 | #11 |
/// TB Trainer /// Tutorial Guru | Caught TR/Dldr.Esitgun.A All right...
04.05.2014, 19:20 | #12 |
| Caught TR/Dldr.Esitgun.A Hello Jürgen, here is the Malwarebytes log now: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 04.05.2014 19:27:13, SYSTEM, JUTTA-PRIVAT, Protection, Malware Protection, Starting, Protection, 04.05.2014 19:27:13, SYSTEM, JUTTA-PRIVAT, Protection, Malware Protection, Started, Protection, 04.05.2014 19:27:13, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Starting, Protection, 04.05.2014 19:27:14, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Started, Update, 04.05.2014 19:29:25, SYSTEM, JUTTA-PRIVAT, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, Update, 04.05.2014 19:29:49, SYSTEM, JUTTA-PRIVAT, Manual, Malware Database, 2014.3.4.9, 2014.5.4.8, Protection, 04.05.2014 19:29:50, SYSTEM, JUTTA-PRIVAT, Protection, Refresh, Starting, Protection, 04.05.2014 19:29:50, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Stopping, Protection, 04.05.2014 19:29:50, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Stopped, Protection, 04.05.2014 19:30:03, SYSTEM, JUTTA-PRIVAT, Protection, Refresh, Success, Protection, 04.05.2014 19:30:03, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Starting, Protection, 04.05.2014 19:30:03, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Started, Protection, 04.05.2014 20:10:20, SYSTEM, JUTTA-PRIVAT, Protection, Malware Protection, Starting, Protection, 04.05.2014 20:10:20, SYSTEM, JUTTA-PRIVAT, Protection, Malware Protection, Started, Protection, 04.05.2014 20:10:20, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Starting, Protection, 04.05.2014 20:12:14, SYSTEM, JUTTA-PRIVAT, Protection, Malicious Website Protection, Started, (end) |
04.05.2014, 19:25 | #13 |
/// TB Trainer /// Tutorial Guru | Caught TR/Dldr.Esitgun.A Hi, almost done right... It's a bit tricky with the new MBAM... No problem, maybe this will help you... Reading material: Posting MBAM detections: here's how... Sometimes it is important to know which malicious programs were already deleted beforehand without instructions from the helpers. That is why I need the contents of the log file in which the scan was recorded.
04.05.2014, 19:32 | #14 |
| Caught TR/Dldr.Esitgun.A So, here are the new logs from Frst. Frst.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-05-2014 Ran by ju (administrator) on JUTTA-PRIVAT on 04-05-2014 20:23:17 Running from C:\Users\ju\Downloads Microsoft Windows 8 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Settings\CmdServer\EasyLauncher.exe () C:\ProgramData\DatacardService\HWDeviceService.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\ProgramData\Samsung\Service\SamsungConfiguration.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Touch Supporter\External\InputSupporter\InputSupporter.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Mini S Note\MiniSNoteAgent.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Touch Supporter\TouchSupporter.exe () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Settings\sSettings.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Intel(R) Corporation) C:\Windows\System32\hsmon.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (The Document Foundation) C:\Program Files\LibreOffice 4\program\swriter.exe (The Document Foundation) C:\Program Files\LibreOffice 4\program\soffice.exe (The Document Foundation) C:\Program Files\LibreOffice 4\program\soffice.bin ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2760408 2013-10-20] (Realtek Semiconductor) HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM\...\Run: [Intel AppUp(SM) center] => C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM\...\Run: [Norton Online Backup] => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [2304192 2012-08-15] (Symantec Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2234656 2013-02-18] (ELAN Microelectronics Corp.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2012-12-27] (Intel Corporation) HKLM\...\Run: [IntelHeadphoneMonitor] => C:\windows\system32\hsmon.exe [101888 2013-07-03] (Intel(R) Corporation) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.) HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.) HKU\.DEFAULT\...\RunOnce: [Application Restart #1] - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [353120 2012-10-11] (Microsoft Corporation) HKU\S-1-5-21-3136178970-1929047109-2096448968-1001\...\MountPoints2: {1740425a-8b1f-11e3-b1fe-c04b5856b51f} - "D:\AutoRun.exe" HKU\S-1-5-21-3136178970-1929047109-2096448968-1001\...\MountPoints2: {a1528d37-5de8-11e3-b183-beefd1f990c1} - "D:\AutoRun.exe" HKU\S-1-5-21-3136178970-1929047109-2096448968-1001\...\MountPoints2: {a1528d84-5de8-11e3-b183-beefd1f990c1} - "D:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {798B105B-7EB5-4F5D-AEC7-7CF3A8AFA8A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - {798B105B-7EB5-4F5D-AEC7-7CF3A8AFA8A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {7ECFA5B2-97DA-43BC-BF57-85492474C45E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN94040880539732837&UM=2 SearchScopes: HKCU - {D236C34A-B256-42A3-B5D0-AA1F49282084} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=628b3433-c265-48ee-9dc7-4ebfbf0273a8&apn_sauid=F63EC2E9-0303-43C6-AE63-0960BFE90E31 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{2C99D7DB-9025-49B0-AA29-4653A9D0C3A4}: [NameServer]10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{4AA3330B-37F3-4F7D-BA80-F353BF30D0E6}: [NameServer] Tcpip\..\Interfaces\{80B3E488-A266-48E1-9D2B-C6E097FA1572}: [NameServer]10.74.210.210,10.74.210.211 FireFox: ======== FF ProfilePath: C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://www.tagesschau.de/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( 
Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: AddThis - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-03-23] FF Extension: Ghostery - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\firefox@ghostery.com.xpi [2014-04-23] FF Extension: Bluhell Firewall - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-03-29] FF Extension: Web Developer - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-12-07] FF Extension: Ecosia - The search engine that plants trees - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013-11-04] FF Extension: Adblock Plus - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-03] FF Extension: 
Adblock Edge - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\77kekxjg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-04-12] Chrome: ======= CHR HomePage: CHR Extension: (No Name) - C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfigonhgidedenkkhlilmefgodjpefna [2014-01-04] CHR Extension: (Google Wallet) - C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.) R2 DptfParticipantDisplayService; C:\windows\system32\DptfParticipantDisplayService.exe [103424 2012-12-27] (Intel Corporation) R2 DptfParticipantProcessorService; C:\windows\system32\DptfParticipantProcessorService.exe [75776 2012-12-27] (Intel Corporation) R2 DptfPolicyCriticalService; C:\windows\system32\DptfPolicyCriticalService.exe [68608 2012-12-27] (Intel Corporation) S2 DptfPolicyLpmService; C:\windows\system32\DptfPolicyLpmService.exe [81920 2012-12-27] (Intel Corporation) R2 Easy Launcher; C:\Program Files\Samsung\Settings\CmdServer\EasyLauncher.exe [1594568 2013-01-03] (Samsung Electronics CO., LTD.) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 Internet Manager. 
RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2952896 2012-08-15] (Symantec Corporation) R2 SamsungConfigurationWinService; C:\Programdata\Samsung\Service\SamsungConfiguration.exe [32256 2013-03-14] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [6054816 2012-09-20] (Wacom Technology, Corp.) R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-10-25] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\windows\system32\DRIVERS\ax88772.sys [91136 2012-07-07] (ASIX Electronics Corp.) 
R1 BasicRender; C:\windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation) R3 BCMSDH43XX; C:\windows\system32\DRIVERS\bcmdhd63.sys [833816 2012-10-02] (Broadcom) S3 BthLEEnum; C:\windows\system32\DRIVERS\BthLEEnum.sys [165376 2012-07-26] (Microsoft Corporation) S3 BthMini; C:\windows\System32\Drivers\BTHMINI.sys [23552 2013-01-09] (Microsoft Corporation) S3 btwampfl; C:\windows\system32\drivers\btwampfl.sys [140152 2012-10-16] (Broadcom Corporation.) R3 BtwSerialBus; C:\windows\System32\drivers\BtwSerialBus.sys [114456 2012-12-14] (Broadcom Corporation.) R3 camera; C:\windows\system32\DRIVERS\camera.sys [201728 2012-12-27] (Intel Corporation) R1 ccSet_NARA; C:\windows\system32\drivers\NARA\0401000.00E\ccSetx86.sys [134304 2012-05-26] (Symantec Corporation) R0 ChaabiDriver; C:\windows\System32\drivers\ChaabiDriver.sys [72280 2012-12-27] (Intel Corporation) R0 clvpep; C:\windows\System32\drivers\clvpep.sys [81648 2012-11-02] (Intel Corporation) R3 DptfDevDisplay; C:\windows\system32\DRIVERS\DptfDevDisplay.sys [35840 2012-12-27] (Intel Corporation) R3 DptfDevGen; C:\windows\system32\DRIVERS\DptfDevGen.sys [41472 2012-12-27] (Intel Corporation) R3 DptfDevProc; C:\windows\system32\DRIVERS\DptfDevProc.sys [60928 2012-12-27] (Intel Corporation) R3 DptfManager; C:\windows\system32\DRIVERS\DptfManager.sys [155136 2012-12-27] (Intel Corporation) R3 ETD; C:\windows\system32\DRIVERS\ETD.sys [120608 2013-03-06] (ELAN Microelectronics Corp.) R3 GPIOCLV; C:\windows\System32\drivers\GPIOCLV.sys [22016 2012-11-02] (Intel Corporation) S3 hidkmdf; C:\windows\System32\drivers\hidkmdf.sys [11680 2012-09-18] (Windows (R) Win 7 DDK provider) S3 huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\windows\System32\drivers\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.) 
S3 huawei_wwanecm; C:\windows\system32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.) R3 igdperf32; C:\windows\system32\DRIVERS\igdperf32.sys [4096 2013-11-20] () R0 inteli2c; C:\windows\System32\drivers\inteli2c.sys [48880 2012-12-27] (Intel Corporation) R3 IntelSST; C:\windows\system32\drivers\isstrtc.sys [241152 2013-07-03] (Intel(R) Corporation) R0 Lm3554; C:\windows\System32\drivers\lm3554.sys [34304 2012-12-27] (Intel Corporation) R0 LNWIPC; C:\windows\System32\drivers\LNWIPC.sys [25840 2012-11-02] (Intel Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R0 MBI; C:\windows\System32\drivers\MBI.sys [16112 2012-11-02] (Intel Corporation) R3 MSICReg; C:\windows\System32\drivers\MSICReg.sys [17408 2012-11-02] (Intel Corporation) R3 mxtBootBridge; C:\windows\System32\drivers\mxtBootBridge.sys [25088 2012-09-11] (Windows (R) Win 7 DDK provider) R3 ov2720; C:\windows\System32\drivers\ov2720.sys [43520 2012-12-27] (Intel Corporation) R3 ov8830; C:\windows\system32\DRIVERS\ov8830.sys [61440 2012-12-27] (Intel Corporation) R3 PSI; C:\windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) R3 rtii2sac; C:\windows\system32\DRIVERS\rtii2sac.sys [142552 2013-10-20] (Realtek Semiconductor Corp.) 
R3 SensorsHIDClassDriver; C:\windows\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) R3 SensorsServiceDriver; C:\windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) R3 spi; C:\windows\System32\drivers\spi.sys [46592 2012-11-02] (Intel Corporation) S1 ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [28520 2013-03-15] (Avira GmbH) S3 TVICHW32; C:\windows\system32\DRIVERS\TVICHW32.SYS [29536 2013-08-03] (EnTech Taiwan) R3 Uart16550pc; C:\windows\System32\drivers\Uart16550pc.sys [40960 2012-11-02] (Intel Corporation) R3 WacHidRouter; C:\windows\System32\drivers\wachidrouter.sys [75064 2013-07-26] (Wacom Technology) R3 wacomrouterfilter; C:\windows\System32\drivers\wacomrouterfilter.sys [13728 2012-09-18] (Wacom Technology) R3 wmbclass; C:\windows\System32\drivers\wmbclass.sys [191488 2013-04-06] (Microsoft Corporation) S3 BcmGnssBus; \SystemRoot\System32\drivers\BcmGnssBus.sys [X] S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-04 20:23 - 2014-05-04 20:23 - 00019722 _____ () C:\Users\ju\Downloads\FRST.txt 2014-05-04 20:21 - 2014-05-04 20:21 - 01051648 _____ (Farbar) C:\Users\ju\Downloads\FRST.exe 2014-05-04 20:21 - 2014-05-04 20:21 - 00000000 ____D () C:\Users\ju\Downloads\FRST-OlderVersion 2014-05-04 20:14 - 2014-05-04 20:14 - 00001705 _____ () C:\Users\ju\Desktop\malwarebytes20140504.txt 2014-05-04 20:10 - 2014-05-04 20:10 - 00008192 _____ () C:\windows\system32\WDPABKP.dat 2014-05-04 19:27 - 2014-05-04 20:12 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-04 19:26 - 2014-05-04 19:26 - 00001051 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-04 19:26 - 2014-05-04 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-04 19:26 - 
2014-05-04 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-04 19:26 - 2014-05-04 19:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-04 19:26 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-04 19:26 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-04 19:26 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-04 12:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll 2014-05-04 12:57 - 2014-05-04 19:19 - 00000000 ____D () C:\AdwCleaner 2014-05-04 12:53 - 2014-05-04 12:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ju\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-04 12:52 - 2014-05-04 12:52 - 01310621 _____ () C:\Users\ju\Desktop\adwcleaner-3.205.exe 2014-05-03 15:06 - 2014-05-03 15:07 - 00031113 _____ () C:\Users\ju\Downloads\Addition.txt 2014-05-03 15:05 - 2014-05-04 20:23 - 00000000 ____D () C:\FRST 2014-05-02 16:27 - 2014-05-02 16:27 - 00283376 _____ (Mozilla) C:\Users\ju\Downloads\Firefox Setup Stub 29.0.exe 2014-05-02 11:48 - 2014-05-02 17:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-01 12:39 - 2014-05-01 16:38 - 00000000 ____D () C:\Users\ju\AppData\Roaming\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00002717 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ___RD () C:\Program Files\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\Users\ju\AppData\Local\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-01 12:32 - 2014-05-01 12:34 - 34827424 _____ (Skype Technologies S.A.) 
C:\Users\ju\Downloads\SkypeSetupFull6.14.73.104.exe 2014-05-01 12:27 - 2014-05-01 12:27 - 00000000 ____D () C:\Users\ju\AppData\Roaming\convert 2014-05-01 00:44 - 2014-05-01 12:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-30 03:00 - 2014-04-23 01:47 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-04-30 03:00 - 2014-04-23 01:47 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-16 23:30 - 2014-04-16 23:30 - 00002017 _____ () C:\Users\Public\Desktop\Support Center.lnk 2014-04-13 19:45 - 2014-04-13 19:45 - 00001798 _____ () C:\Users\ju\Documents\DeliVerfall0.odb 2014-04-13 18:54 - 2014-04-13 18:55 - 02278856 _____ () C:\Users\ju\Downloads\avira_pc_cleaner_de.exe 2014-04-11 07:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-04-11 07:50 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-11 07:50 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-11 07:50 - 2014-03-07 02:48 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-11 07:50 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-11 07:50 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-11 07:50 - 2014-02-06 01:37 - 01011712 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-04-11 07:50 - 
2014-02-06 01:37 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2014-04-11 07:50 - 2014-02-03 22:41 - 00303448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-11 07:50 - 2014-02-03 22:41 - 00238424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-11 07:50 - 2014-01-31 03:33 - 00200384 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-04-11 07:50 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-04-11 07:50 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll 2014-04-11 07:50 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll 2014-04-11 07:50 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-11 07:50 - 2014-01-27 03:37 - 01799512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-04-11 07:50 - 2014-01-27 03:09 - 01618264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-11 07:50 - 2014-01-27 01:16 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml 2014-04-11 07:50 - 2014-01-16 01:42 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys 2014-04-11 07:50 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-04-11 07:50 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2014-04-11 07:50 - 2013-10-25 06:45 - 00661504 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2014-04-11 07:50 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2014-04-11 07:50 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-11 07:50 - 2013-02-21 12:29 - 00109056 _____ (Microsoft 
Corporation) C:\windows\system32\iesysprep.dll 2014-04-11 07:50 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-11 07:50 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-11 07:50 - 2012-11-08 06:24 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-11 07:49 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-07 23:28 - 2014-04-07 23:28 - 00008709 _____ () C:\Users\ju\Documents\bsi.odt 2014-04-06 15:26 - 2014-04-06 15:26 - 00000000 ____D () C:\Users\ju\AppData\Roaming\S Note ==================== One Month Modified Files and Folders ======= 2014-05-04 20:23 - 2014-05-04 20:23 - 00019722 _____ () C:\Users\ju\Downloads\FRST.txt 2014-05-04 20:23 - 2014-05-03 15:05 - 00000000 ____D () C:\FRST 2014-05-04 20:21 - 2014-05-04 20:21 - 01051648 _____ (Farbar) C:\Users\ju\Downloads\FRST.exe 2014-05-04 20:21 - 2014-05-04 20:21 - 00000000 ____D () C:\Users\ju\Downloads\FRST-OlderVersion 2014-05-04 20:19 - 2012-12-14 08:09 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2014-05-04 20:16 - 2012-07-26 07:17 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-04 20:14 - 2014-05-04 20:14 - 00001705 _____ () C:\Users\ju\Desktop\malwarebytes20140504.txt 2014-05-04 20:12 - 2014-05-04 19:27 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-04 20:10 - 2014-05-04 20:10 - 00008192 _____ () C:\windows\system32\WDPABKP.dat 2014-05-04 20:10 - 2013-03-15 10:24 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-04 20:09 - 2012-07-26 08:04 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-04 20:03 - 2013-03-23 01:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-04 20:01 - 2013-03-15 10:24 - 00001116 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-04 20:00 - 
2012-07-26 08:53 - 00000000 ____D () C:\windows\system32\sru 2014-05-04 19:50 - 2013-03-15 09:47 - 00000000 ____D () C:\Users\ju\AppData\Local\CrashDumps 2014-05-04 19:26 - 2014-05-04 19:26 - 00001051 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-04 19:26 - 2014-05-04 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-04 19:26 - 2014-05-04 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-04 19:26 - 2014-05-04 19:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-04 19:19 - 2014-05-04 12:57 - 00000000 ____D () C:\AdwCleaner 2014-05-04 13:21 - 2012-07-26 07:10 - 00688142 _____ () C:\windows\PFRO.log 2014-05-04 13:21 - 2012-07-26 06:17 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-05-04 12:54 - 2014-05-04 12:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ju\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-04 12:52 - 2014-05-04 12:52 - 01310621 _____ () C:\Users\ju\Desktop\adwcleaner-3.205.exe 2014-05-04 10:53 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\Microsoft.NET 2014-05-03 15:07 - 2014-05-03 15:06 - 00031113 _____ () C:\Users\ju\Downloads\Addition.txt 2014-05-03 12:29 - 2013-03-16 13:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-02 17:26 - 2014-05-02 11:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-02 17:26 - 2013-03-16 13:45 - 00001098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-02 17:26 - 2013-03-16 13:45 - 00001086 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-02 16:27 - 2014-05-02 16:27 - 00283376 _____ (Mozilla) C:\Users\ju\Downloads\Firefox Setup Stub 29.0.exe 2014-05-02 15:10 - 2014-02-26 00:34 - 00002038 _____ () C:\Users\ju\Desktop\Entfernen des Avira PC Cleaners.lnk 2014-05-02 15:10 - 2014-02-15 19:18 - 00001978 _____ () C:\Users\ju\Desktop\Avira PC Cleaner.lnk 2014-05-02 10:16 - 2012-07-26 08:53 - 
00000000 ____D () C:\windows\system32\NDF 2014-05-02 00:14 - 2013-03-14 21:13 - 02078881 _____ () C:\windows\WindowsUpdate.log 2014-05-01 16:38 - 2014-05-01 12:39 - 00000000 ____D () C:\Users\ju\AppData\Roaming\Skype 2014-05-01 13:41 - 2013-03-15 12:32 - 00000000 ____D () C:\Users\ju\Documents\Privat 2014-05-01 12:39 - 2014-05-01 12:39 - 00002717 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ___RD () C:\Program Files\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\Users\ju\AppData\Local\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-01 12:39 - 2014-05-01 12:39 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-05-01 12:34 - 2014-05-01 12:32 - 34827424 _____ (Skype Technologies S.A.) C:\Users\ju\Downloads\SkypeSetupFull6.14.73.104.exe 2014-05-01 12:27 - 2014-05-01 12:27 - 00000000 ____D () C:\Users\ju\AppData\Roaming\convert 2014-05-01 12:18 - 2014-05-01 00:44 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-29 22:27 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\AUInstallAgent 2014-04-29 20:16 - 2013-03-15 10:25 - 00002094 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-23 01:47 - 2014-04-30 03:00 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-04-23 01:47 - 2014-04-30 03:00 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-19 20:41 - 2013-11-16 11:19 - 00000000 ____D () C:\Users\ju\Documents\BUND 2014-04-16 23:30 - 2014-04-16 23:30 - 00002017 _____ () C:\Users\Public\Desktop\Support Center.lnk 2014-04-16 23:30 - 2012-12-14 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-04-14 19:06 - 2013-03-15 12:33 - 00000000 ____D () C:\Users\ju\AppData\Local\Adobe 2014-04-13 19:51 - 
2013-03-15 12:31 - 00000000 ____D () C:\Users\ju\Documents\Gruene
2014-04-13 19:45 - 2014-04-13 19:45 - 00001798 _____ () C:\Users\ju\Documents\DeliVerfall0.odb
2014-04-13 18:55 - 2014-04-13 18:54 - 02278856 _____ () C:\Users\ju\Downloads\avira_pc_cleaner_de.exe
2014-04-11 12:19 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\rescache
2014-04-11 08:02 - 2012-07-26 08:53 - 00000000 ___RD () C:\windows\ToastData
2014-04-11 08:02 - 2012-07-26 08:53 - 00000000 ____D () C:\windows\WinStore
2014-04-11 07:57 - 2013-07-21 21:21 - 00000000 ____D () C:\windows\system32\MRT
2014-04-11 07:53 - 2013-03-14 22:51 - 88028728 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-07 23:28 - 2014-04-07 23:28 - 00008709 _____ () C:\Users\ju\Documents\bsi.odt
2014-04-06 15:26 - 2014-04-06 15:26 - 00000000 ____D () C:\Users\ju\AppData\Roaming\S Note
2014-04-04 02:12 - 2013-04-21 23:29 - 00011759 _____ () C:\Users\ju\Documents\Unbenannt 1.odt

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some content of TEMP:
====================
C:\Users\ju\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-27 13:59

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-05-2014
Ran by ju at 2014-05-04 20:24:39
Running from C:\Users\ju\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-PDF Maker Version 1.4.1 (Build 128) (HKLM\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.4.1 (Build 128) - 7-PDF, Germany - Thorsten Hodes)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
E-POP (HKLM\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare USB-X86 11.7.0.426_WHQL (HKLM\...\Elantech) (Version: 11.7.0.426 - ELAN Microelectronic Corp.)
Fotogalerie (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.) Intel AppUp(SM) center (HKLM\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.14.3.1099 - Intel Corporation) Internet Manager (HKLM\...\Internet Manager) (Version: 22.001.18.68.55 - Huawei Technologies Co.,Ltd) ISD Tablet (HKLM\...\ISD Tablet Driver) (Version: 7.1.0-5 - Wacom Technology Corp.) LibreOffice 4.0 Help Pack (German) (HKLM\...\{FE231FC3-A6F1-45D4-AE1B-C591610EBC32}) (Version: 4.0.5.2 - The Document Foundation) LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mini S Note (HKLM\...\{D3D81CA0-B970-43A0-ACD0-DC7A36B85910}) (Version: 1.0.28.1 - Samsung Electronics CO. LTD) Movie Maker (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 29.0 (x86 de) (HKLM\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation) Norton Online Backup ARA (Version: 4.1.0.14 - Symantec Corporation) Hidden PDF Writer for Windows 8 (HKLM\...\PDF Writer for Windows 8_is1) (Version: - Wondersoft) PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Photo Common (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden PicPick (HKLM\...\PicPick) (Version: 3.2.4 - NTeWORKS) Raccolta foto (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.3082 - Realtek Semiconductor Corp.) S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) 
Hidden Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia) Settings (HKLM\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.) Support Center FAQ (Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.) Touch Supporter (HKLM\...\{F33066D2-6BDA-4F95-85BD-7E8CB6F64FAB}_is1) (Version: 2.0.0.35 - Samsung Electronics CO., LTD.) User Guide (HKLM\...\{ED584F38-A39D-4FBF-ADC0-CE2C343CAF21}) (Version: 2.4.00 - Samsung Electronics CO., LTD.) WD Drive Utilities (HKLM\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.) WD Quick View (HKLM\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD Security (HKLM\...\{8A7B24E8-864E-4794-95C4-17644D0991AA}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{FDAEE697-A659-43C5-9520-6DA298EF021E}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) 
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3600 - Broadcom Corporation) Windows Driver Package - Broadcom (bcmfn2) System (08/30/2012 20.43.14.119) (HKLM\...\8ACEFA31AC73553F5EEFA5785AD8D4D0E850401F) (Version: 08/30/2012 20.43.14.119 - Broadcom) Windows Driver Package - Broadcom (BCMSDH43XX) Net (09/28/2012 5.93.97.76) (HKLM\...\D5631A91EBAF24FAF75D27148329D007EA6B8580) (Version: 09/28/2012 5.93.97.76 - Broadcom) Windows Driver Package - Broadcom (BtwSerialBus) System (10/03/2012 12.0.0.2920) (HKLM\...\B21CF2229A6456E95E3A51F820F8DF8F6440233D) (Version: 10/03/2012 12.0.0.2920 - Broadcom) Windows Driver Package - Nuvoton Technology Corporation (WUDFRd) System (09/20/2012 8.1.111.5005) (HKLM\...\A8639B06FC592D11B23C8B90C30A55A1B8234A1F) (Version: 09/20/2012 8.1.111.5005 - Nuvoton Technology Corporation) Windows Live (HKLM\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Xerox PhotoCafe (HKLM\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox) ==================== Restore Points ========================= 27-04-2014 11:59:20 Geplanter Prüfpunkt ==================== Hosts content: 
==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04D355F6-EB31-4707-A7F6-5C5BC6BF371C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {1AC2CFF0-8D74-45F0-89E8-12A5C4AA01D9} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {25B122B9-9B8E-4FF2-8FDA-8029BCBBCC11} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {280F05D8-45FD-406B-8D5F-7DD164683B49} - System32\Tasks\Western Digital\SmartWare\____Volume_2fc6c1c1_1c9a_4d65_83f6_1de959507ffd______Volume_1ee9d372_7f9a_11e3_b1dd_9584b1b6527c__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2013-11-02] (Western Digital Technologies, Inc.)
Task: {288FD4FC-A76D-43D6-A7B1-1DB2B7625011} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)
Task: {37D7B9A3-6FA4-47F7-96D0-B977506B1B00} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {4CBD6812-B82E-4761-A152-C1B289BA46DE} - System32\Tasks\TouchSupporter => C:\Program Files\Samsung\Touch Supporter\TouchSupporter.exe [2012-11-14] (Samsung Electronics CO., LTD.)
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {6DE1E207-66D2-4D8C-8469-74A88864C322} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A9B34D8E-4202-433A-86A4-17E625D16684} - System32\Tasks\Settings => C:\Program Files\Samsung\Settings\sSettings.exe [2013-01-03] (Samsung Electronics CO., LTD.)
Task: {CBAAAF6B-1F2D-4CC9-8DCE-70A29192A0C9} - System32\Tasks\InputSupporter => C:\Program Files\Samsung\Touch Supporter\External\InputSupporter\InputSupporter.exe [2012-11-14] (Samsung Electronics CO., LTD.)
Task: {CD4CED2F-9A2C-4B71-83BA-AF8A6BF13407} - System32\Tasks\SNoteAgent => C:\Program Files\Samsung\Mini S Note\MiniSNoteAgent.exe [2012-11-13] (Samsung Electronics CO., LTD.)
Task: {E222FC0A-2A9C-4F75-9113-2C5D05150523} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2013-01-03 23:08 - 2013-01-03 23:08 - 00211064 _____ () C:\Program Files\Samsung\Settings\CmdServer\WinCRT.dll
2013-03-15 10:36 - 2013-03-15 10:35 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2012-10-21 13:41 - 2012-10-21 13:41 - 00042872 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-05-04 20:09 - 2011-06-17 13:04 - 00224096 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2013-12-05 22:13 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2013-12-05 22:13 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2013-12-05 22:13 - 2010-05-05 10:47 - 02415104 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2013-12-05 22:13 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2013-09-23 23:18 - 2013-03-14 11:59 - 00032256 _____ () C:\Programdata\Samsung\Service\SamsungConfiguration.exe
2012-12-14 07:03 - 2012-09-20 04:02 - 00963488 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2013-01-03 23:08 - 2013-01-03 23:08 - 00085192 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-01-03 23:08 - 2013-01-03 23:08 - 00029384 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-01-03 23:09 - 2013-01-03 23:09 - 01080520 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-01-03 23:08 - 2013-01-03 23:08 - 00111304 _____ () C:\Program Files\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-01-03 23:08 - 2013-01-03 23:08 - 00056440 _____ () C:\Program Files\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-01-03 23:08 - 2013-01-03 23:08 - 00027336 _____ () C:\Program Files\Samsung\Settings\EasySettingsAPI.dll
2013-01-03 23:09 - 2013-01-03 23:09 - 00111304 _____ () C:\Program Files\Samsung\Settings\EasySettingsBase.dll
2013-01-03 23:08 - 2013-01-03 23:08 - 00061128 _____ () C:\Program Files\Samsung\Settings\EasyMovieEnhancer.dll
2013-01-03 23:08 - 2013-01-03 23:08 - 00103624 _____ () C:\Program Files\Samsung\Settings\EasySettingsCmdClient.dll
2014-03-19 11:39 - 2014-03-19 11:39 - 00081456 _____ () C:\Program Files\Samsung\S Agent\ToastDLL.dll
2014-05-02 17:26 - 2014-04-22 11:25 - 03845232 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-11 12:43 - 2013-12-11 12:43 - 01008656 _____ () C:\Program Files\LibreOffice 4\program\libxml2.dll
2013-12-11 12:43 - 2013-12-11 12:43 - 00178192 _____ () C:\Program Files\LibreOffice 4\program\libxslt.dll
2013-12-10 20:21 - 2013-12-10 20:21 - 00073216 _____ () C:\Program Files\LibreOffice 4\program\python3.dll
2013-12-10 20:11 - 2013-12-10 20:11 - 00049152 _____ () C:\Program Files\LibreOffice 4\program\python-core-3.3.0\lib\_socket.pyd

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gpioclv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\inteli2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lnwipc.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2014 07:49:45 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x8f4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (05/04/2014 01:23:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SamsungConfiguration.exe, Version: 0.0.0.0, Zeitstempel: 0x51413ad4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x7dc
Startzeit der fehlerhaften Anwendung: 0xSamsungConfiguration.exe0
Pfad der fehlerhaften Anwendung: SamsungConfiguration.exe1
Pfad des fehlerhaften Moduls: SamsungConfiguration.exe2
Berichtskennung: SamsungConfiguration.exe3
Vollständiger Name des fehlerhaften Pakets: SamsungConfiguration.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SamsungConfiguration.exe5

Error: (05/04/2014 01:22:09 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (05/03/2014 01:36:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/03/2014 01:36:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/03/2014 01:36:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/03/2014 01:27:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/03/2014 01:27:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/03/2014 01:27:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/03/2014 00:30:17 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

System errors:
=============
Error: (05/04/2014 08:09:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/04/2014 08:09:58 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (05/04/2014 07:17:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/04/2014 07:17:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.

Error: (05/04/2014 01:23:20 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: 1069netprofmNicht verfügbar{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (05/04/2014 01:23:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (05/04/2014 01:23:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSDPSRV" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/04/2014 01:23:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (05/04/2014 01:23:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "netprofm" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/04/2014 01:23:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062

Microsoft Office Sessions:
=========================
Error: (05/04/2014 07:49:45 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd8f401cf67be0f4ce961C:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll7a208304-d3b4-11e3-b27b-e9a65d8916d5

Error: (05/04/2014 01:23:09 PM) (Source: Application Error)(User: )
Description: SamsungConfiguration.exe0.0.0.051413ad4unknown0.0.0.000000000c0000005000000007dc01cf678b14ccf419C:\Programdata\Samsung\Service\SamsungConfiguration.exeunknown7833cc0f-d37e-11e3-b27a-002637ee5584

Error: (05/04/2014 01:22:09 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (05/03/2014 01:36:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\ExpressCacheRun64.exe

Error: (05/03/2014 01:36:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\VendorAPIRun64.exe

Error: (05/03/2014 01:36:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\Touchpad\x64\SetTouchpadControl64.exe

Error: (05/03/2014 01:27:33 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\ExpressCacheRun64.exe

Error: (05/03/2014 01:27:28 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\VendorAPIRun64.exe

Error: (05/03/2014 01:27:28 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Settings\CmdServer\Touchpad\x64\SetTouchpadControl64.exe

Error: (05/03/2014 00:30:17 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

CodeIntegrity Errors:
===================================
Date: 2014-05-04 20:09:41.736
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-04 19:17:12.393
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-04 13:21:49.767
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-04 10:38:03.970
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-03 12:29:55.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-02 10:14:14.658
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-01 21:41:43.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-01 16:14:37.548
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-01 12:16:48.955
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-29 19:26:15.439
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\ssmdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 1962.46 MB
Available physical RAM: 820.2 MB
Total Pagefile: 2666.46 MB
Available Pagefile: 1245.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.47 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:51.44 GB) (Free:17.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58 GB) (Disk ID: 0AEBCAD5)
Partition: GPT Partition Type.

==================== End Of Log ============================

Jorinde |
04.05.2014, 19:33 | #15 |
/// TB Trainer /// Guide Guru | Caught TR/Dldr.Esitgun.A
Very good, please also post Malwarebytes, THANKS!
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |