Pests of All Kinds and How to Combat Them: Error message - "Error: Server not found" (Windows 7)
05.02.2015, 18:09 | #1 |
Error message - "Error: Server not found"

Dear Trojaner-Board,

I have the following problem: About a week ago, unwanted advertising started constantly popping up in my internet browser, despite an ad blocker. I also had problems with the proxy server and the error message described in the title. I therefore decided to run Malwarebytes Anti-Malware on my computer. This was the result:
I then moved everything to quarantine. After further problems with search engines suddenly opening by themselves, I ran another scan.
PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\pnpbdjpnfoddiffejmciilgkphacgoeb.crx, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\SolutionReal.ico, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\SolutionRealUninstall.exe, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\updateSolutionReal.InstallState, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\371bcf01e69144bf9345.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\1d7d694e604c4da29100.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\1d7d694e604c4da2910064.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\1d7d694e604c4da29100b2601d3a1c57.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\1d7d694e604c4da29100b2601d3a1c5764.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\31c21995b8614864ab50.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\31c21995b8614864ab504a53fbca73d4.dll, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\31c21995b8614864ab504a53fbca73d464.dll, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], 
PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\31c21995b8614864ab5064.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.BRT.zip, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.zip, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.expextdll.dll, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowseG.zip, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\sqlite3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.InstallState, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9d.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9d64.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9dd1d95d218412.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\5c281c6e01324ac6ad9dd1d95d21841264.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program 
Files (x86)\Solution Real\bin\7za.exe, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\BrowserAdapter.7z, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certutil.zip, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\df8eec40f909439c9ffe.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\df8eec40f909439c9ffe3fee212f71b9.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\df8eec40f909439c9ffe3fee212f71b964.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\df8eec40f909439c9ffe64.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\eula.txt, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\Interop.NetFwTypeLib.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\msvcr100.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\Pac.js, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\pac8807.js, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\pac9064.js, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.BOAS.zip, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution 
Real\bin\SolutionReal.BOASHelper.exe, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter.exe, Löschen bei Neustart, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\371bcf01e69144bf934560788e5d16a5.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\371bcf01e69144bf934560788e5d16a564.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\371bcf01e69144bf934564.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\4cff408ad9e747c3a711.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\4cff408ad9e747c3a71164.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\4cff408ad9e747c3a71195133fcf7f45.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\4cff408ad9e747c3a71195133fcf7f4564.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.BOAS.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.BrowserAdapter.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.BRT.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.CompatibilityChecker.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], 
PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.ExpExt.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.FFUpdate.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.GCUpdate.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.IEUpdate.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.PurBrowseG.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.Repmon.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\certutil.exe, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\freebl3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\libnspr4.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\libplc4.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\libplds4.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\nss3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\nssckbi.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution 
Real\bin\certUtil\nssdbm3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\nssutil3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\smime3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\softokn3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\sqlite3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\certUtil\ssl3.dll, In Quarantäne, [79fc73a7bdcdf541021837474bb8cf31], PUP.Optional.Vosteran.A, C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\7l4fwdog.default\user.js, In Quarantäne, [e4918b8fd7b3ca6cbccd3eab7293de22], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end)
Now I don't know what to do next and hope you can help me. I am not very familiar with this subject and assume I went about this completely the wrong way. I also hope that I have presented everything correctly here and that it all belongs to one topic. Many thanks in advance! Best regards, Rosana
05.02.2015, 18:14 | #2 |
/// the machine /// TB-Ausbilder | Error message - "Fehler: Server nicht gefunden" hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
06.02.2015, 23:12 | #3 |
| Error message - "Fehler: Server nicht gefunden" Hi,
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by Samsung (administrator) on ROJAN on 06-02-2015 22:49:43 Running from C:\Users\Samsung\Downloads Loaded Profiles: Samsung (Available profiles: Samsung & Gast) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\HPWA\iBTAudioSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe (Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkDMS.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\LCDModeChecker\LCDModeChecker.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe (Samsung Electronics CO., LTD.) 
C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\Intel_ClonePatchTool\Intel_ClonePatchTool.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Windows\SysWOW64\UMonit64.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Akamai Technologies, Inc.) C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe () C:\Windows\SysWOW64\UMonit64.exe (Akamai Technologies, Inc.) C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\HPWA\iBTAudioMon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [53248 2013-05-09] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-06] () HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-09] (Copyright 2013 SAMSUNG) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [Reboot1] => timeout /t 1 HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {25a7139a-601e-11e4-beb8-5c514f267987} - "D:\AutoRun.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {25a713d1-601e-11e4-beb8-5c514f267987} - "F:\AutoRun.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {27cd8275-a882-11e4-bec5-1867b0b6525a} - "G:\SetupWi-Fi.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {8ec44a2f-7e66-11e4-bebb-5c514f267987} - "D:\SETUP.EXE" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {9e28a7b8-6f0a-11e4-beb8-5c514f267987} - "D:\launcher.exe" IFEO\ContentExplorer.exe: [Debugger] TaskList.exe IFEO\internetenhancer.exe: [Debugger] TaskList.exe IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iBTAudioMon.lnk ShortcutTarget: iBTAudioMon.lnk -> C:\Program Files (x86)\Intel\HPWA\iBTAudioMon.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {97B99FDF-AD2F-40D6-98B6-9F64EB81FC8B} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll () ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll () ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {97B99FDF-AD2F-40D6-98B6-9F64EB81FC8B} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
AutoConfigURL: [S-1-5-21-1067650959-623007815-1153489054-1001] => file://C:\Program Files (x86)\Solution Real\bin\Pac9064.js HKU\S-1-5-21-1067650959-623007815-1153489054-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/ HKU\S-1-5-21-1067650959-623007815-1153489054-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com/?pc=smjb SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} SearchScopes: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> {07CCAACC-C7AB-4FF6-9AD1-7EE0F6570877} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_15_04_ie&cd=2XzuyEtN2Y1L1QzuyD0EyDtCyE0FtByCyBzyzztAyDyB0DyEtN0D0Tzu0StCtCtCyDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtBzztCyDtD0B0FtGyEtDyDtBtGyCyCtDyDtG0BzztAyBtGyB0AtDtDyDtCtD0DtDzzyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyEyE0FtBtAtA0CtGtB0AtAtBtGyE0F0C0BtGzzyD0FtDtGtA0AyD0EtCyByBtA0DtA0B0B2Q&cr=239096243&ir= SearchScopes: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\7l4fwdog.default FF SelectedSearchEngine: Yahoo! FF Homepage: hxxp://google.es/ FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) FF Extension: Solution Real 1.0.1 - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\7l4fwdog.default\Extensions\{4cff408a-d9e7-47c3-a711-95133fcf7f45}.xpi [2015-01-20] FF Extension: Adblock Plus - 
C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\7l4fwdog.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF [2013-11-13] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn [2015-02-04] FF HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe [404360 2013-06-18] (Samsung) [File not signed]
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 iBTAudioSrv; C:\Program Files (x86)\Intel\HPWA\iBTAudioSrv.exe [573384 2014-07-25] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-06-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-27] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-27] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-09] (Copyright 2013 SAMSUNG)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1595440 2013-10-10] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-08] (Disc Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) [File not signed]
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic)
S3 ibtsdp; C:\Windows\system32\DRIVERS\ibtsdp.sys [40904 2014-07-25] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131223.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-06-27] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131223.024\ENG64.SYS [126040 2013-11-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131223.024\EX64.SYS [2099288 2013-11-13] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3479528 2014-08-21] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2013-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-29] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-04] ()

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 22:49 - 2015-02-06 22:49 - 00023998 _____ () C:\Users\Samsung\Downloads\FRST.txt
2015-02-06 22:49 - 2015-02-06 22:49 - 00000000 ____D () C:\FRST
2015-02-06 22:48 - 2015-02-06 22:48 - 02131968 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2015-02-05 17:18 - 2015-02-05 17:18 - 00037118 _____ () C:\Users\Samsung\Documents\Suchlauf 04.02.2015 Malewarbytes.txt
2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Mozilla
2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Absolute_Software
2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 _____ () C:\Users\Gast\AppData\Roaming\AbsoluteReminder.xml
2015-02-05 11:18 - 2015-02-05 11:18 - 00001450 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-05 11:18 - 2015-02-05 11:18 - 00001168 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBT Audio Monitor.lnk
2015-02-05 11:18 - 2015-02-05 11:18 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\Documents\Meine empfangenen Dateien
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Intel
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\SAMSUNG
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\.swt
2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast
2015-02-05 11:18 - 2014-12-07 01:08 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-05 11:18 - 2014-09-24 08:43 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-05 11:18 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-05 11:18 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-05 11:18 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-05 11:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-04 15:01 - 2015-02-04 15:17 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-03 21:26 - 2015-02-03 21:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 23:55 - 2015-02-02 23:55 - 22948022 _____ () C:\Users\Samsung\Desktop\Klettern für Villa Entspania.zip
2015-02-02 23:44 - 2015-02-02 23:44 - 00000000 ____D () C:\Users\Samsung\.android
2015-02-02 23:30 - 2015-02-02 23:35 - 00000000 ____D () C:\Users\Samsung\Desktop\Klettern für Villa Entspania
2015-02-02 18:25 - 2015-02-02 18:25 - 00000000 ____D () C:\Users\Samsung\Documents\PC Speed Maximizer
2015-01-29 16:39 - 2015-01-29 16:39 - 00011085 _____ () C:\Users\Samsung\Documents\Maleware-Scan 29.01.2015.txt
2015-01-29 16:23 - 2015-02-05 17:52 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 16:23 - 2015-01-29 16:23 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-29 16:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-29 16:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-29 16:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-29 16:13 - 2015-02-02 21:28 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\DesktopIconForAmazon
2015-01-26 12:30 - 2015-01-26 12:30 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-26 12:30 - 2014-08-12 19:23 - 04023768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-01-26 12:30 - 2014-08-12 16:53 - 01313211 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-01-26 12:30 - 2014-08-08 15:00 - 67562496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-01-26 12:30 - 2014-08-07 16:54 - 02857328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-01-26 12:30 - 2014-08-06 13:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-01-26 12:30 - 2014-07-30 15:39 - 00956120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-01-26 12:30 - 2014-07-04 11:07 - 01024728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-01-26 12:30 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-01-26 12:30 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-01-26 12:30 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-01-26 12:30 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2015-01-26 12:30 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2015-01-26 12:30 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-01-26 12:30 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2015-01-26 12:30 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-01-26 12:30 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-01-26 12:30 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-01-26 12:30 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-01-26 12:30 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-01-26 12:30 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-01-26 12:30 - 2014-02-06 11:28 - 05804772 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat
2015-01-26 12:30 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-01-26 12:30 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2015-01-26 12:30 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-01-26 12:30 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-01-26 12:29 - 2015-01-26 12:29 - 00003736 _____ () C:\WINDOWS\System32\Tasks\SettingsHibernateMonitor
2015-01-26 12:29 - 2015-01-26 12:29 - 00003548 _____ () C:\WINDOWS\System32\Tasks\LaunchSettings
2015-01-26 12:29 - 2015-01-26 12:29 - 00000000 ____D () C:\Program Files\Elantech
2015-01-26 12:29 - 2013-07-24 14:57 - 00022832 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\ETDSMBus.sys
2015-01-26 12:24 - 2015-01-26 12:24 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-01-26 12:24 - 2015-01-26 12:24 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-26 12:23 - 2015-01-26 12:23 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Samsung
2015-01-26 12:22 - 2015-02-04 14:26 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\BRT
2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Samsung\Documents\Meine empfangenen Dateien
2015-01-26 12:21 - 2015-01-26 12:21 - 00000000 ____D () C:\WINDOWS\RSTLog
2015-01-26 12:20 - 2015-01-26 12:20 - 00003352 _____ () C:\WINDOWS\System32\Tasks\IntelGfxColorWA2
2015-01-26 12:20 - 2015-01-26 12:20 - 00000724 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2015-01-26 12:19 - 2015-01-26 12:19 - 00002970 _____ () C:\WINDOWS\System32\Tasks\SamsungLinkPC
2015-01-26 12:18 - 2013-07-31 05:06 - 02214216 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-01-26 12:17 - 2015-01-26 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-26 11:46 - 2015-01-26 11:46 - 00027648 _____ () C:\Users\Samsung\Downloads\Rechnung 17.09.2013.xls
2015-01-26 11:44 - 2015-01-26 11:44 - 00033280 _____ () C:\Users\Samsung\Downloads\Rechnung 21. Januar 2013.xls
2015-01-25 21:48 - 2015-01-25 21:48 - 00000000 ____D () C:\Program Files\DIFX
2015-01-22 12:53 - 2015-01-22 12:53 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\OpenOffice
2015-01-22 12:39 - 2015-01-22 12:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-01-22 09:54 - 2015-01-22 09:54 - 00022528 _____ () C:\Users\Samsung\AppData\Local\dsisetup1651910152.exe
2015-01-22 09:54 - 2015-01-22 09:54 - 00000001 _____ () C:\Users\Samsung\AppData\Local\DSI.DAT
2015-01-20 17:12 - 2015-01-20 17:12 - 00003768 _____ () C:\WINDOWS\System32\Tasks\RunTool
2015-01-20 14:54 - 2015-01-27 19:55 - 00000132 _____ () C:\Users\Samsung\AppData\Roaming\WB.CFG
2015-01-20 11:57 - 2015-01-20 11:57 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2015-01-20 11:57 - 2015-01-20 11:57 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2015-01-20 11:57 - 2015-01-20 11:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-20 11:55 - 2015-01-20 11:56 - 00000000 ____D () C:\Users\Samsung\Desktop\OpenOffice 4.1.0 (en-US) Installation Files
2015-01-20 11:53 - 2015-01-20 11:53 - 140910890 _____ () C:\Users\Samsung\Downloads\OpenOfficeSetup.exe
2015-01-20 11:53 - 2015-01-20 11:53 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z
2015-01-20 11:44 - 2015-01-20 11:44 - 00846104 _____ ( ) C:\Users\Samsung\Downloads\Open_office_Setup.exe
2015-01-16 13:12 - 2015-01-16 14:25 - 00000000 ____D () C:\Users\Samsung\Desktop\bw-invest Newsletter
2015-01-16 12:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-16 12:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-16 12:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-16 12:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-16 12:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-16 12:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-16 12:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-16 12:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-16 12:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-16 12:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-16 12:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-16 12:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-16 12:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-16 12:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-16 12:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-16 12:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-16 12:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-16 12:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-16 12:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-16 12:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-16 12:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-16 12:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-16 12:21 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-16 12:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-16 12:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-16 12:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-16 12:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-16 12:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-16 12:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-16 12:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-16 12:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-14 17:11 - 2015-01-14 17:11 - 00000000 ____D () C:\Users\Samsung\AppData\Local\580d2d6e-6e24-4802-b686-426a4bb47fef
2015-01-08 18:21 - 2015-01-08 18:32 - 00000000 ____D () C:\Users\Samsung\Desktop\Newsletter Januar
2015-01-08 17:39 - 2015-01-08 17:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 22:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-06 11:02 - 2014-11-26 17:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-06 10:26 - 2014-10-26 00:39 - 01414840 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 10:20 - 2013-11-09 07:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1067650959-623007815-1153489054-1001
2015-02-06 10:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-05 11:27 - 2013-11-13 02:37 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CrashDumps
2015-02-05 11:25 - 2014-11-17 12:15 - 00000000 ___RD () C:\Users\Samsung\OneDrive
2015-02-05 11:25 - 2013-07-29 05:42 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-04 22:02 - 2014-11-26 17:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 15:45 - 2013-08-22 15:46 - 00352101 _____ () C:\WINDOWS\setupact.log
2015-02-04 14:52 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 14:52 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-04 14:52 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-04 14:47 - 2014-10-23 13:43 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-02-04 14:47 - 2014-09-23 22:06 - 00076118 _____ () C:\WINDOWS\PFRO.log
2015-02-04 14:47 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-04 14:47 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-04 14:47 - 2013-07-29 05:53 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-02-04 14:29 - 2013-11-09 03:21 - 00035528 _____ () C:\Users\Samsung\AppData\Roaming\AbsoluteReminder.xml
2015-02-04 14:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\security
2015-02-04 14:03 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-02-04 13:10 - 2014-10-27 10:10 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FD16278B-F34C-432A-BD3D-7A7390862BE8}
2015-02-04 11:10 - 2014-10-30 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 23:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-02 23:44 - 2014-10-25 12:51 - 00000000 ____D () C:\Users\Samsung
2015-02-02 18:32 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-30 14:14 - 2014-11-18 10:07 - 00000000 ____D () C:\WINDOWS\SysWOW64\SupportAppPBHostless Modem
2015-01-30 14:14 - 2014-11-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Hostless Modem
2015-01-29 23:02 - 2013-11-09 03:20 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Packages
2015-01-27 20:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-26 12:30 - 2014-10-25 12:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-01-26 12:30 - 2013-07-29 05:38 - 00000206 _____ () C:\setup.log
2015-01-26 12:30 - 2013-07-29 04:01 - 00002787 _____ () C:\RHDSetup.log
2015-01-26 12:30 - 2013-07-29 04:01 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-26 12:29 - 2014-10-26 00:41 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-01-26 12:29 - 2013-07-29 05:53 - 00016352 _____ () C:\WINDOWS\system32\results.xml
2015-01-26 12:29 - 2013-07-29 04:03 - 00079470 _____ () C:\WINDOWS\DPINST.LOG
2015-01-26 12:29 - 2013-07-29 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-26 12:29 - 2013-07-29 04:01 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-26 12:25 - 2013-07-29 05:09 - 00000000 ____D () C:\Intel
2015-01-26 12:25 - 2013-07-29 04:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-26 12:25 - 2013-07-29 04:03 - 00000000 ____D () C:\ProgramData\Intel
2015-01-26 12:25 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-01-26 12:24 - 2014-10-25 12:49 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-26 12:23 - 2014-10-25 12:49 - 00000000 ____D () C:\Program Files\Intel
2015-01-26 12:22 - 2013-08-22 15:46 - 00001196 _____ () C:\WINDOWS\setuperr.log
2015-01-26 12:21 - 2013-11-09 03:21 - 00001168 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBT Audio Monitor.lnk
2015-01-26 12:20 - 2013-07-29 05:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-26 12:20 - 2013-07-29 04:01 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-24 21:20 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 12:51 - 2014-11-24 11:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-01-20 20:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-01-20 12:01 - 2013-08-22 15:44 - 00411080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-20 12:00 - 2013-11-16 10:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-20 11:58 - 2013-11-16 10:19 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-20 11:54 - 2014-10-30 12:26 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-16 12:17 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-08 17:33 - 2014-05-17 16:34 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-01-08 17:33 - 2013-07-29 05:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-01-08 17:33 - 2013-07-29 05:41 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64

==================== Files in the root of some directories =======

2013-11-09 03:21 - 2015-02-04 14:29 - 0035528 _____ () C:\Users\Samsung\AppData\Roaming\AbsoluteReminder.xml
2014-10-30 11:30 - 2014-10-30 11:30 - 0076976 _____ () C:\Users\Samsung\AppData\Roaming\LoJackSetup.exe
2015-01-20 14:54 - 2015-01-27 19:55 - 0000132 _____ () C:\Users\Samsung\AppData\Roaming\WB.CFG
2015-01-22 09:54 - 2015-01-22 09:54 - 0000001 _____ () C:\Users\Samsung\AppData\Local\DSI.DAT
2015-01-22 09:54 - 2015-01-22 09:54 - 0022528 _____ () C:\Users\Samsung\AppData\Local\dsisetup1651910152.exe
2015-01-26 12:30 - 2015-01-26 12:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-07-29 05:45 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-07-29 05:45 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2013-03-19 03:32 - 2013-03-19 03:32 - 0010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-01 11:33

==================== End Of Log ============================

--- --- ---

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Samsung at 2015-02-06 22:50:08
Running from C:\Users\Samsung\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AllShare Framework DMS (HKLM\...\{C5850BE4-67AA-4CFB-894B-27F1172E42E0}) (Version: 1.3.14 - Samsung)
Bitcasa version 1.0.1.5011 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.0.1.5011 - Bitcasa Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Genesys Logic USB2.0 Card Reader (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Help Desk (HKLM\...\{890EA23E-9AA2-4F51-836B-4E26B91C18E8}) (Version: 1.0.93 - Samsung Electronics CO., LTD.)
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (x32 Version: 1.5.0.0 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel(R) Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1628 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) Audiodienst (HKLM-x32\...\{C35703F7-D1F4-42DE-8C15-E1A1AAF0A48E}) (Version: 17.0.1430.01 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
Inxmail Professional Loader (HKLM\...\{B2A1DD78-BDF5-4E0B-B3DB-FE8A8C303C10}) (Version: 1.0.0.18 - Inxmail GmbH)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Open Office Packages (HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Open Office Packages) (Version: - ) <==== ATTENTION
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7318 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.11 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link (HKLM-x32\...\{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}) (Version: 1.8.0.39 - Samsung Electronics CO., LTD.)
Samsung Link 1.6.0.1307100416 (HKLM\...\8474-7877-9059-0204) (Version: 1.6.0.1307100416 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{3BB58176-B3A7-47FD-9F18-C3576431D193}) (Version: 2.2.0 - Samsung Electronics CO., LTD.)
SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.3800 - DTS, Inc.)
Support Center (HKLM\...\{B897FC7E-20D1-41F8-9F0A-B6FBFFC40438}) (Version: 2.1.1109 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.11 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.)
User Manual (HKLM-x32\...\{F31EABD6-268E-4176-BEA0-67FBFF7332DA}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
Windows-Treiberpaket - Samsung Electronics Co. Ltd. 
(RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1067650959-623007815-1153489054-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 16-01-2015 14:41:54 Geplanter Prüfpunkt 20-01-2015 11:56:06 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 25-01-2015 21:44:34 Installed SW Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {07E38627-634F-4B1C-87D5-A75D2CE0A025} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation) Task: {1729EF4C-AC34-4B95-98AD-48763F561500} - System32\Tasks\SamsungLinkPC => C:\Program Files (x86)\Samsung\HomeSync Lite\RefreshToken.exe Task: {1B0D34AE-40F8-41EF-933E-AC328BE5AC74} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-07-17] (SEC) Task: {1CC166BC-0344-4064-A5D6-99E06E7E3712} - System32\Tasks\Intel_ClonePatchTool => C:\ProgramData\Samsung\Intel_ClonePatchTool\Intel_ClonePatchTool.exe [2013-08-09] (Samsung Electronics CO., LTD.) 
Task: {2AE9487A-B20F-4553-9378-D77A49858A76} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-28] (Realtek Semiconductor) Task: {2EC51E8C-1D16-4EB0-ABAA-531704E29696} - \RocketTab No Task File <==== ATTENTION Task: {3C3E99B0-8F06-481B-B0FC-95E27C48C775} - System32\Tasks\SECPatch_RenewTSP => C:\ProgramData\Samsung\Service\SECPatch_RenewTSP.exe [2013-07-26] (Samsung Electronics CO., LTD.) Task: {5C438415-B782-404E-91F7-DAD14121D20D} - System32\Tasks\RunTool => C:\Users\Samsung\AppData\Local\580d2d6e-6e24-4802-b686-426a4bb47fef\sysad.exe [2015-01-26] () Task: {7947A0E6-C4BD-468F-8CA1-B24B8483F225} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {7BA89613-DC04-45C8-B013-8C5475023274} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {7C1F3F88-715E-4E61-95A3-2FB38DA7C3FF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {7FC22548-670E-499A-B87F-9FAB4034D197} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-20] (Microsoft Corporation) Task: {944E526B-AFEA-45DB-98D6-FFFDEC617724} - System32\Tasks\NetServiceControl => regedit.exe /s timeout.reg Task: {95FE502E-7EFE-4CFC-BB6D-364B3CBDB0FD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {9CF8B6F1-7941-4B45-B9C3-94B3B749AA47} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2012-10-25] (Absolute Software) Task: {A58F1D12-F678-482A-AA0A-145C405297B7} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe 
[2014-10-29] (Samsung Electronics CO., LTD.) Task: {AB6A1DD2-FFD0-4688-B0DE-1DDA8F917708} - System32\Tasks\SettingsHibernateMonitor => C:\Program Files (x86)\Samsung\Settings\SettingsHibernateMonitor.exe [2013-10-10] (Samsung Electronics CO., LTD.) Task: {B2953DF0-0DCA-4FEE-BABB-C26677C9EC53} - System32\Tasks\LCDModeChecker => C:\ProgramData\Samsung\LCDModeChecker\LCDModeChecker.exe [2013-09-17] (Samsung Electronics Co., Ltd.) Task: {B710CD0E-EC04-4AEB-8E88-E89B82BCE1F7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-07-28] (Realtek Semiconductor) Task: {BCA8976B-F2A7-48A4-912B-83DF824C574A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {C255EB02-DD17-44BB-92C0-E4D88E922458} - System32\Tasks\IntelGfxColorWA2 => C:\ProgramData\Samsung\GFXPatch\IntelGfxColorWA2.exe [2014-07-24] (Samsung Electronics Co., Ltd.) Task: {D1245436-4BF7-48F2-A22A-9677FFA41A0B} - \RocketTab Update Task No Task File <==== ATTENTION Task: {D1FAF460-AD6B-4AE9-86C1-854079917F80} - System32\Tasks\AdobeAAMUpdater-1.0-Sammy-Samsung => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated) Task: {D4CF773E-1DB7-4C19-90F4-18127643DCF1} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-05-09] () Task: {DD61C522-9D1C-4301-A402-0B83A4E4EC08} - System32\Tasks\LaunchSettings => C:\Program Files (x86)\Samsung\Settings\Settings.exe [2013-10-10] () Task: {FE5D8483-4906-4806-8EB5-C078E3993D04} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-28] (Realtek Semiconductor) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2013-04-15 07:45 - 2013-04-15 07:45 - 00182760 _____ () 
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-04-15 07:45 - 2013-04-15 07:45 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-07-29 05:50 - 2013-07-09 20:16 - 00012800 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll 2014-10-25 12:53 - 2014-10-25 12:53 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll 2013-07-29 05:50 - 2013-07-09 20:16 - 01283584 _____ () C:\Program Files\Samsung\Samsung Link\SecProxyJNI.dll 2013-07-29 05:50 - 2013-07-09 20:16 - 01340928 _____ () C:\Program Files\Samsung\Samsung Link\SecStubJNI.dll 2013-07-29 05:50 - 2013-07-09 20:16 - 01588736 _____ () C:\Program Files\Samsung\Samsung Link\SppAgentSvc.dll 2013-06-18 05:51 - 2013-06-18 05:51 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\64bit\JNIInterface.dll 2013-06-18 05:51 - 2013-06-18 05:51 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\64bit\ASFAPI.dll 2013-06-18 05:54 - 2013-06-18 05:54 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\64bit\MediaDB_Manager.dll 2013-02-14 11:41 - 2013-02-14 11:41 - 00030720 _____ () C:\WINDOWS\SYSTEM32\MediaDB64.dll 2013-02-14 11:41 - 2013-02-14 11:41 - 00905216 _____ () C:\WINDOWS\SYSTEM32\ContentDirectoryPresenter64.dll 2013-06-18 05:55 - 2013-06-18 05:55 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\64bit\DMS_Manager.dll 2013-04-15 10:52 - 2013-04-15 10:52 - 00049152 _____ () C:\WINDOWS\SYSTEM32\boost_date_time-vc90-mt-1_47.dll 2013-04-15 10:52 - 2013-04-15 10:52 - 00016896 _____ () C:\WINDOWS\SYSTEM32\boost_system-vc90-mt-1_47.dll 2013-04-15 10:52 - 2013-04-15 10:52 - 00058880 _____ () C:\WINDOWS\SYSTEM32\boost_thread-vc90-mt-1_47.dll 2013-04-15 10:52 - 2013-04-15 10:52 - 00299520 _____ () C:\WINDOWS\SYSTEM32\boost_serialization-vc90-mt-1_47.dll 2013-07-29 05:43 - 2013-06-06 05:15 - 00288720 _____ () C:\Program 
Files\Bitcasa\ExplorerMenu.dll 2013-07-29 05:43 - 2013-06-06 05:23 - 01645056 _____ () C:\Program Files\Bitcasa\bitcasaui.dll 2013-07-29 05:38 - 2013-05-09 09:38 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe 2013-07-29 05:50 - 2013-07-09 20:16 - 00042496 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll 2013-07-29 05:38 - 2013-05-09 09:38 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe 2014-10-29 17:19 - 2014-10-29 17:19 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2014-11-29 18:48 - 2014-11-29 18:48 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2013-04-19 09:29 - 2013-04-19 09:29 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\DMSManager.dll 2013-04-15 10:52 - 2013-04-15 10:52 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\boost_serialization-vc90-mt-1_47.dll 2013-04-15 10:53 - 2013-04-15 10:53 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\boost_date_time-vc90-mt-1_47.dll 2013-04-15 10:52 - 2013-04-15 10:52 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\boost_system-vc90-mt-1_47.dll 2013-04-15 10:53 - 2013-04-15 10:53 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\boost_thread-vc90-mt-1_47.dll 2013-04-19 08:37 - 2013-04-19 08:37 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\ContentDirectoryPresenter.dll 2013-04-19 08:39 - 2013-04-19 08:39 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\DCMCDP.dll 2013-04-19 08:38 - 2013-04-19 08:38 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\FolderCDP.dll 2013-04-19 08:39 - 2013-04-19 08:39 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\Autobackup.dll 2013-04-19 08:38 - 2013-04-19 08:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework 
DMS\1.3.14\RosettaAllShare.dll 2013-04-19 09:29 - 2013-04-19 09:29 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\MetadataFramework.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\sqlite3.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\MoodExtractor.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\DCMImgExtractor.dll 2013-04-12 00:58 - 2013-04-12 00:58 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AutoChaptering.dll 2013-04-19 09:29 - 2013-04-19 09:29 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AudioExtractor.dll 2013-04-19 08:58 - 2013-04-19 08:58 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\VideoExtractor.dll 2013-04-19 08:58 - 2013-04-19 08:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\ImageExtractor.dll 2013-04-19 08:58 - 2013-04-19 08:58 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\TextExtractor.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\libexpat.dll 2013-04-12 00:58 - 2013-04-12 00:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\VideoThumb.dll 2013-04-19 09:29 - 2013-04-19 09:29 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\ID3Driver.dll 2013-04-19 08:58 - 2013-04-19 08:58 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\RichInfoDriver.dll 2013-04-19 08:58 - 2013-04-19 08:58 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\ThumbnailMaker.dll 2013-04-19 08:58 - 2013-04-19 08:58 - 00133632 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\VideoMetadataDriver.dll 2013-04-19 08:58 - 2013-04-19 
08:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\SECMetaDriver.dll 2013-04-12 00:58 - 2013-04-12 00:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\photoDriver.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\avcodec-52.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\avformat-52.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\avutil-50.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\swscale-0.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\tag.dll 2013-04-12 00:58 - 2013-04-12 00:58 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\libThumbnail.dll 2013-04-12 00:59 - 2013-04-12 00:59 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\ImageMagickWrapper.dll 2013-04-19 08:58 - 2013-04-19 08:58 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\libKeyFrame.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\libexif-12.dll.dll 2013-02-14 11:42 - 2013-02-14 11:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\us.dll 2013-07-29 05:09 - 2013-06-27 01:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-12-10 08:32 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll 2013-10-10 15:39 - 2013-10-10 15:39 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2015-02-03 21:26 - 2015-02-03 21:26 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== 
Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Samsung\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1067650959-623007815-1153489054-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Samsung\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: McComponentHostService => 3 HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" ==================== Accounts: ============================= Administrator (S-1-5-21-1067650959-623007815-1153489054-500 - Administrator - Disabled) Gast (S-1-5-21-1067650959-623007815-1153489054-501 - Limited - Enabled) => C:\Users\Gast Samsung (S-1-5-21-1067650959-623007815-1153489054-1001 - Administrator - Enabled) => C:\Users\Samsung ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2015 10:48:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b8 Startzeit: 01d042541a443d69 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: bfc57bec-ae49-11e4-bed0-1867b0b6525a Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=50964a88-ab5f-4c91-b70e-66a2eadb5423 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile 
Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=4E00205A-2AB1-4423-8F77-CC25B82CDE1D (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=821fe777-bf67-463b-99f0-b2e0e4d9813b (Caused by <class 'socket.error'>: [Errno 10060] Ein Verbindungsversuch ist fehlgeschlagen, da die Gegenstelle nach einer bestimmten Zeitspanne nicht richtig reagiert hat, oder die hergestellte Verbindung war fehlerhaft, da der verbundene Host nicht reagiert hat)",),)) Error: (02/06/2015 10:31:30 PM) (Source: Python Service) (EventID: 255) (User: ) Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Read timed out. (read timeout=60) Error: (02/06/2015 10:30:42 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:17:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1f44 Startzeit: 01d041ec9ddb542c Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: ed34886e-ade0-11e4-bed0-1867b0b6525a Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (02/05/2015 06:18:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "\\?\Volume{8f6e667e-b9f9-4e18-8825-b468356b6fb1}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) System errors: ============= Error: (02/05/2015 11:19:01 AM) (Source: DCOM) (EventID: 10016) (User: ROJAN) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}ROJANGastS-1-5-21-1067650959-623007815-1153489054-501LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/05/2015 11:18:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) HD Graphics Control Panel Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/05/2015 11:18:32 AM) (Source: DCOM) (EventID: 10016) (User: ROJAN) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}ROJANGastS-1-5-21-1067650959-623007815-1153489054-501LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/04/2015 02:31:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 11. 
Error: (02/04/2015 02:10:08 PM) (Source: DCOM) (EventID: 10016) (User: ROJAN) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ROJANSamsungS-1-5-21-1067650959-623007815-1153489054-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/04/2015 02:03:47 PM) (Source: DCOM) (EventID: 10016) (User: ROJAN) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ROJANSamsungS-1-5-21-1067650959-623007815-1153489054-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/04/2015 01:56:55 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (02/04/2015 01:07:26 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (02/04/2015 01:07:26 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Error: (02/04/2015 01:07:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. 
Microsoft Office Sessions: ========================= Error: (02/06/2015 10:48:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384b801d042541a443d694294967295C:\WINDOWS\system32\backgroundTaskHost.exebfc57bec-ae49-11e4-bed0-1867b0b6525aFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=50964a88-ab5f-4c91-b70e-66a2eadb5423 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', 
port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=4E00205A-2AB1-4423-8F77-CC25B82CDE1D (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:32:19 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=821fe777-bf67-463b-99f0-b2e0e4d9813b (Caused by <class 'socket.error'>: [Errno 10060] Ein Verbindungsversuch ist fehlgeschlagen, da die Gegenstelle nach einer bestimmten Zeitspanne nicht richtig reagiert hat, oder die hergestellte Verbindung war fehlerhaft, da der verbundene Host nicht reagiert hat)",),)) Error: (02/06/2015 10:31:30 PM) (Source: Python Service) (EventID: 255) (User: ) Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Read timed out. 
(read timeout=60) Error: (02/06/2015 10:30:42 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=2ac98e4d-c306-42ad-911e-49a9b58f9caf&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.gaierror'>: [Errno 11001] getaddrinfo failed)",),)) Error: (02/06/2015 10:17:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.163841f4401d041ec9ddb542c4294967295C:\WINDOWS\system32\backgroundTaskHost.exeed34886e-ade0-11e4-bed0-1867b0b6525aFacebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (02/05/2015 06:18:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: \\?\Volume{8f6e667e-b9f9-4e18-8825-b468356b6fb1}\Falscher Parameter. (0x80070057) ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 61% Total physical RAM: 4010.94 MB Available physical RAM: 1524.32 MB Total Pagefile: 7722.94 MB Available Pagefile: 4199.13 MB Total Virtual: 131072 MB Available Virtual: 131071.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:103.8 GB) (Free:25.62 GB) NTFS Drive d: (OFFICE14) (CDROM) (Total:1.83 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: 4E577B5F) Partition: GPT Partition Type. ==================== End Of Log ============================ |
07.02.2015, 12:31 | #4 |
/// the machine /// TB Trainer | Error message - "Fehler: Server nicht gefunden" Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Update MBAM, scan, delete the findings. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.02.2015, 20:12 | #5 |
| Error message - "Fehler: Server nicht gefunden" Hi, I proceeded as described. Unfortunately, the attempt to uninstall Open Office Packages produces the following error message: "Warnung - Uninstall ist fehgeschlagen! Vermutlich ungültiger deinstall Befehl!" Best regards, Rosana |
08.02.2015, 11:31 | #6 |
/// the machine /// TB Trainer | Error message - "Fehler: Server nicht gefunden" Just click OK; Revo will then continue automatically. |
09.02.2015, 21:57 | #7 |
| Error message - "Fehler: Server nicht gefunden" Hi, AdwCleaner Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 08/02/2015 um 14:23:20 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-05.2 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Samsung - ROJAN # Gestarted von : C:\Users\Samsung\Downloads\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\Samsung\Documents\PC Speed Maximizer ***** [ Geplante Tasks ] ***** Task Gelöscht : RocketTab Update Task Task Gelöscht : RocketTab ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07CCAACC-C7AB-4FF6-9AD1-7EE0F6570877} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Wajam Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ 
Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v35.0.1 (x86 de) [7l4fwdog.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_ggbg_15_04_ie&cd=2XzuyEtN2Y1L1QzuyD0EyDtCyE0FtByCyBzyzztAyDyB0DyEtN0D0Tzu0StCtCtCyDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1[...] [7l4fwdog.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_ggbg_15_04_ie&cd=2XzuyEtN2Y1L1QzuyD0EyDtCyE0FtByCyBzyzztAyDyB0DyEtN0D0Tzu0StCtCtCyDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDy[...] [7l4fwdog.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran"); [7l4fwdog.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran"); [7l4fwdog.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_ggbg_15_04_ie&cd=2XzuyEtN2Y1L1QzuyD0EyDtCyE0FtByCyBzyzztAyDyB0DyEtN0D0Tzu0StCtCtCyDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzyt[...] [7l4fwdog.default\prefs.js] - Zeile Gelöscht : user_pref("startpage.ntsearch_url", "hxxps://de.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms}"); ************************* AdwCleaner[R0].txt - [3642 Bytes] - [08/02/2015 14:08:27] AdwCleaner[R1].txt - [3701 Bytes] - [08/02/2015 14:21:08] AdwCleaner[S0].txt - [3453 Bytes] - [08/02/2015 14:23:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3512 Bytes] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Samsung on 09.02.2015 at 20:01:14,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 20:04:38,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Samsung (administrator) on ROJAN on 09-02-2015 20:08:06 Running from C:\Users\Samsung\Downloads Loaded Profiles: Samsung (Available profiles: Samsung & Gast) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\HPWA\iBTAudioSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\LCDModeChecker\LCDModeChecker.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\Intel_ClonePatchTool\Intel_ClonePatchTool.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Windows\SysWOW64\UMonit64.exe () C:\Windows\SysWOW64\UMonit64.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Akamai Technologies, Inc.) C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\HPWA\iBTAudioMon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkDMS.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [53248 2013-05-09] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-06] () HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-09] (Copyright 2013 SAMSUNG) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [Reboot1] => timeout /t 1 HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {25a7139a-601e-11e4-beb8-5c514f267987} - "D:\AutoRun.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {25a713d1-601e-11e4-beb8-5c514f267987} - "F:\AutoRun.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {27cd8275-a882-11e4-bec5-1867b0b6525a} - "G:\SetupWi-Fi.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {8ec44a2f-7e66-11e4-bebb-5c514f267987} - "D:\SETUP.EXE" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {9e28a7b8-6f0a-11e4-beb8-5c514f267987} - "D:\launcher.exe" IFEO\ContentExplorer.exe: [Debugger] TaskList.exe IFEO\internetenhancer.exe: [Debugger] TaskList.exe IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iBTAudioMon.lnk ShortcutTarget: iBTAudioMon.lnk -> C:\Program Files (x86)\Intel\HPWA\iBTAudioMon.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {97B99FDF-AD2F-40D6-98B6-9F64EB81FC8B} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll () ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll () ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {97B99FDF-AD2F-40D6-98B6-9F64EB81FC8B} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
AutoConfigURL: [S-1-5-21-1067650959-623007815-1153489054-1001] => file://C:\Program Files (x86)\Solution Real\bin\Pac9064.js HKU\S-1-5-21-1067650959-623007815-1153489054-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/ HKU\S-1-5-21-1067650959-623007815-1153489054-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com/?pc=smjb SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\7l4fwdog.default FF SelectedSearchEngine: Yahoo! FF Homepage: hxxp://google.es/ FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) FF Extension: Solution Real 1.0.1 - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\7l4fwdog.default\Extensions\{4cff408a-d9e7-47c3-a711-95133fcf7f45}.xpi [2015-01-20] FF Extension: Adblock Plus - 
C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\7l4fwdog.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF [2013-11-13] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn [2015-02-08] FF HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe [404360 2013-06-18] (Samsung) [File not signed] R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.) R2 iBTAudioSrv; C:\Program Files (x86)\Intel\HPWA\iBTAudioSrv.exe [573384 2014-07-25] (Intel Corporation) R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-06-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-27] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-27] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S4 McComponentHostService; 
C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation) R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-09] (Copyright 2013 SAMSUNG) R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1595440 2013-10-10] (Samsung Electronics CO., LTD.) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.) 
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-08] (Disc Soft Ltd) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) [File not signed] R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.) S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic) S3 ibtsdp; C:\Windows\system32\DRIVERS\ibtsdp.sys [40904 2014-07-25] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131223.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] () S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-06-27] (Intel Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131223.024\ENG64.SYS [126040 2013-11-13] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131223.024\EX64.SYS [2099288 2013-11-13] 
(Symantec Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3479528 2014-08-21] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2013-03-04] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-29] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-08] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 20:07 - 2015-02-09 20:07 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion 2015-02-09 20:04 - 2015-02-09 20:04 - 00000616 _____ () C:\Users\Samsung\Desktop\JRT.txt 2015-02-08 14:35 - 2015-02-08 14:35 - 00003600 _____ () C:\Users\Samsung\Desktop\AdwCleaner[S0].txt 2015-02-08 14:05 - 2015-02-08 14:23 - 00000000 ____D () C:\AdwCleaner 2015-02-08 14:05 - 2015-02-08 14:05 - 02112512 _____ () C:\Users\Samsung\Downloads\AdwCleaner_4.110.exe 2015-02-07 20:02 - 2015-02-07 20:02 - 00001280 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk 2015-02-07 20:02 - 2015-02-07 20:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-07 20:01 - 2015-02-07 20:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Samsung\Downloads\revosetup95.exe 2015-02-06 22:50 - 2015-02-06 22:50 - 00036535 _____ () C:\Users\Samsung\Downloads\Addition.txt 2015-02-06 22:49 - 2015-02-09 20:08 - 00023111 _____ () C:\Users\Samsung\Downloads\FRST.txt 2015-02-06 22:49 - 2015-02-09 20:08 - 00000000 ____D () C:\FRST 2015-02-06 22:48 - 2015-02-09 20:07 - 02132992 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe 2015-02-05 17:18 - 2015-02-05 17:18 - 00037118 _____ () C:\Users\Samsung\Documents\Suchlauf 04.02.2015 Malewarbytes.txt 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Mozilla 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Absolute_Software 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 _____ () C:\Users\Gast\AppData\Roaming\AbsoluteReminder.xml 2015-02-05 11:18 - 2015-02-05 11:18 - 00001450 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-05 11:18 - 2015-02-05 11:18 - 00001168 _____ () 
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBT Audio Monitor.lnk 2015-02-05 11:18 - 2015-02-05 11:18 - 00000020 ___SH () C:\Users\Gast\ntuser.ini 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Vorlagen 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Startmenü 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\Documents\Meine empfangenen Dateien 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Intel 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\SAMSUNG 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () 
C:\Users\Gast\.swt 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast 2015-02-05 11:18 - 2014-12-07 01:08 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-05 11:18 - 2014-09-24 08:43 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-02-05 11:18 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-02-05 11:18 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-02-05 11:18 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-05 11:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-04 15:01 - 2015-02-04 15:17 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2015-02-03 21:26 - 2015-02-03 21:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-02 23:55 - 2015-02-02 23:55 - 22948022 _____ () C:\Users\Samsung\Desktop\Klettern für Villa Entspania.zip 2015-02-02 23:44 - 2015-02-02 23:44 - 00000000 ____D () C:\Users\Samsung\.android 2015-02-02 23:30 - 2015-02-02 23:35 - 00000000 ____D () C:\Users\Samsung\Desktop\Klettern für Villa Entspania 2015-01-29 16:39 - 2015-01-29 16:39 - 00011085 _____ () C:\Users\Samsung\Documents\Maleware-Scan 29.01.2015.txt 2015-01-29 16:23 - 2015-02-08 14:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-29 16:23 - 2015-01-29 16:23 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-29 16:23 - 2015-01-29 16:23 - 
00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-29 16:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-29 16:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-29 16:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-26 12:30 - 2015-01-26 12:30 - 00000000 ____H () C:\ProgramData\DP45977C.lfl 2015-01-26 12:30 - 2014-08-12 19:23 - 04023768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2015-01-26 12:30 - 2014-08-12 16:53 - 01313211 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2015-01-26 12:30 - 2014-08-08 15:00 - 67562496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat 2015-01-26 12:30 - 2014-08-07 16:54 - 02857328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll 2015-01-26 12:30 - 2014-08-06 13:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2015-01-26 12:30 - 2014-07-30 15:39 - 00956120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2015-01-26 12:30 - 2014-07-04 11:07 - 01024728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2015-01-26 12:30 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2015-01-26 12:30 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll 2015-01-26 12:30 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxAudioEQ64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll 2015-01-26 12:30 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl 2015-01-26 12:30 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll 2015-01-26 12:30 - 2014-02-06 11:28 - 05804772 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat 2015-01-26 12:30 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2015-01-26 12:30 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2015-01-26 12:30 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll 2015-01-26 12:30 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll 2015-01-26 12:29 - 2015-01-26 12:29 - 00003736 _____ () C:\WINDOWS\System32\Tasks\SettingsHibernateMonitor 2015-01-26 12:29 - 2015-01-26 12:29 - 00003548 _____ () C:\WINDOWS\System32\Tasks\LaunchSettings 2015-01-26 12:29 - 2015-01-26 12:29 - 00000000 ____D () C:\Program Files\Elantech 2015-01-26 12:29 - 2013-07-24 14:57 - 00022832 _____ (ELAN Microelectronic Corp.) 
C:\WINDOWS\system32\Drivers\ETDSMBus.sys 2015-01-26 12:24 - 2015-01-26 12:24 - 00000000 ____D () C:\Program Files\Common Files\Intel 2015-01-26 12:24 - 2015-01-26 12:24 - 00000000 ____D () C:\Program Files (x86)\Cisco 2015-01-26 12:23 - 2015-01-26 12:23 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Samsung 2015-01-26 12:22 - 2015-02-04 14:26 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\BRT 2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Samsung\Documents\Meine empfangenen Dateien 2015-01-26 12:21 - 2015-01-26 12:21 - 00000000 ____D () C:\WINDOWS\RSTLog 2015-01-26 12:20 - 2015-01-26 12:20 - 00003352 _____ () C:\WINDOWS\System32\Tasks\IntelGfxColorWA2 2015-01-26 12:20 - 2015-01-26 12:20 - 00000724 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk 2015-01-26 12:19 - 2015-01-26 12:19 - 00002970 _____ () C:\WINDOWS\System32\Tasks\SamsungLinkPC 2015-01-26 12:18 - 2013-07-31 05:06 - 02214216 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll 2015-01-26 12:17 - 2015-01-26 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2015-01-26 11:46 - 2015-01-26 11:46 - 00027648 _____ () C:\Users\Samsung\Downloads\Rechnung 17.09.2013.xls 2015-01-26 11:44 - 2015-01-26 11:44 - 00033280 _____ () C:\Users\Samsung\Downloads\Rechnung 21. 
Januar 2013.xls 2015-01-25 21:48 - 2015-01-25 21:48 - 00000000 ____D () C:\Program Files\DIFX 2015-01-22 12:53 - 2015-01-22 12:53 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\OpenOffice 2015-01-22 12:39 - 2015-01-22 12:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-01-22 09:54 - 2015-01-22 09:54 - 00022528 _____ () C:\Users\Samsung\AppData\Local\dsisetup1651910152.exe 2015-01-22 09:54 - 2015-01-22 09:54 - 00000001 _____ () C:\Users\Samsung\AppData\Local\DSI.DAT 2015-01-20 17:12 - 2015-01-20 17:12 - 00003768 _____ () C:\WINDOWS\System32\Tasks\RunTool 2015-01-20 14:54 - 2015-01-27 19:55 - 00000132 _____ () C:\Users\Samsung\AppData\Roaming\WB.CFG 2015-01-20 11:57 - 2015-01-20 11:57 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2015-01-20 11:57 - 2015-01-20 11:57 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2015-01-20 11:57 - 2015-01-20 11:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-01-20 11:55 - 2015-01-20 11:56 - 00000000 ____D () C:\Users\Samsung\Desktop\OpenOffice 4.1.0 (en-US) Installation Files 2015-01-20 11:53 - 2015-01-20 11:53 - 140910890 _____ () C:\Users\Samsung\Downloads\OpenOfficeSetup.exe 2015-01-20 11:53 - 2015-01-20 11:53 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z 2015-01-20 11:44 - 2015-01-20 11:44 - 00846104 _____ ( ) C:\Users\Samsung\Downloads\Open_office_Setup.exe 2015-01-16 13:12 - 2015-01-16 14:25 - 00000000 ____D () C:\Users\Samsung\Desktop\bw-invest Newsletter 2015-01-16 12:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-16 12:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-16 12:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-16 12:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 
2015-01-16 12:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-16 12:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-16 12:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-16 12:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-16 12:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-16 12:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-16 12:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-16 12:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-16 12:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-16 12:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-16 12:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-16 12:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-16 12:21 - 
2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-16 12:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-16 12:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-16 12:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-16 12:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-16 12:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-16 12:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-16 12:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-16 12:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-14 17:11 - 2015-01-14 17:11 - 00000000 ____D () C:\Users\Samsung\AppData\Local\580d2d6e-6e24-4802-b686-426a4bb47fef ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-09 20:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-09 20:02 - 2014-11-26 17:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-09 20:01 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-09 20:01 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-09 20:01 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-09 19:58 - 2014-10-26 00:39 - 02082639 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-09 19:56 - 2013-11-13 02:37 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CrashDumps 2015-02-09 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-08 14:34 - 2013-07-29 05:42 - 00000000 ____D () C:\ProgramData\WinClon 2015-02-08 14:32 - 2014-11-17 12:15 - 00000000 ____D () C:\Users\Samsung\OneDrive 2015-02-08 14:29 - 2014-10-23 13:43 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2015-02-08 14:29 - 2014-09-23 22:06 - 00076894 _____ () C:\WINDOWS\PFRO.log 2015-02-08 14:29 - 2013-08-22 15:46 - 00352178 _____ () C:\WINDOWS\setupact.log 2015-02-08 14:29 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-08 14:29 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-08 14:29 - 2013-07-29 05:53 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2015-02-07 20:13 - 2013-11-09 07:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1067650959-623007815-1153489054-1001 2015-02-04 22:02 - 2014-11-26 17:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-04 14:29 - 2013-11-09 03:21 - 00035528 _____ () C:\Users\Samsung\AppData\Roaming\AbsoluteReminder.xml 2015-02-04 14:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\security 2015-02-04 14:03 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini 2015-02-04 13:10 - 2014-10-27 10:10 - 00003926 
_____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FD16278B-F34C-432A-BD3D-7A7390862BE8} 2015-02-04 11:10 - 2014-10-30 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-02 23:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-02 23:44 - 2014-10-25 12:51 - 00000000 ____D () C:\Users\Samsung 2015-02-02 18:32 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-30 14:14 - 2014-11-18 10:07 - 00000000 ____D () C:\WINDOWS\SysWOW64\SupportAppPBHostless Modem 2015-01-30 14:14 - 2014-11-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Hostless Modem 2015-01-29 23:02 - 2013-11-09 03:20 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Packages 2015-01-27 20:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-26 12:30 - 2014-10-25 12:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-01-26 12:30 - 2013-07-29 05:38 - 00000206 _____ () C:\setup.log 2015-01-26 12:30 - 2013-07-29 04:01 - 00002787 _____ () C:\RHDSetup.log 2015-01-26 12:30 - 2013-07-29 04:01 - 00000000 ___HD () C:\Program Files (x86)\Temp 2015-01-26 12:29 - 2014-10-26 00:41 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-01-26 12:29 - 2013-07-29 05:53 - 00016352 _____ () C:\WINDOWS\system32\results.xml 2015-01-26 12:29 - 2013-07-29 04:03 - 00079470 _____ () C:\WINDOWS\DPINST.LOG 2015-01-26 12:29 - 2013-07-29 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-26 12:29 - 2013-07-29 04:01 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-26 12:25 - 2013-07-29 05:09 - 00000000 ____D () C:\Intel 2015-01-26 12:25 - 2013-07-29 04:03 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-26 12:25 - 2013-07-29 04:03 - 00000000 ____D () C:\ProgramData\Intel 2015-01-26 12:25 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-01-26 12:24 - 2014-10-25 12:49 - 00000000 ____D () C:\Program Files 
(x86)\Intel 2015-01-26 12:23 - 2014-10-25 12:49 - 00000000 ____D () C:\Program Files\Intel 2015-01-26 12:22 - 2013-08-22 15:46 - 00001196 _____ () C:\WINDOWS\setuperr.log 2015-01-26 12:21 - 2013-11-09 03:21 - 00001168 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBT Audio Monitor.lnk 2015-01-26 12:20 - 2013-07-29 05:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-26 12:20 - 2013-07-29 04:01 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-24 21:20 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 12:51 - 2014-11-24 11:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2015-01-20 20:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2015-01-20 12:01 - 2013-08-22 15:44 - 00411080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-20 12:00 - 2013-11-16 10:19 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-20 11:58 - 2013-11-16 10:19 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-20 11:54 - 2014-10-30 12:26 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-16 12:17 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP ==================== Files in the root of some directories ======= 2013-11-09 03:21 - 2015-02-04 14:29 - 0035528 _____ () C:\Users\Samsung\AppData\Roaming\AbsoluteReminder.xml 2014-10-30 11:30 - 2014-10-30 11:30 - 0076976 _____ () C:\Users\Samsung\AppData\Roaming\LoJackSetup.exe 2015-01-20 14:54 - 2015-01-27 19:55 - 0000132 _____ () C:\Users\Samsung\AppData\Roaming\WB.CFG 2015-01-22 09:54 - 2015-01-22 09:54 - 0000001 _____ () C:\Users\Samsung\AppData\Local\DSI.DAT 2015-01-22 09:54 - 2015-01-22 09:54 - 0022528 _____ () C:\Users\Samsung\AppData\Local\dsisetup1651910152.exe 
2015-01-26 12:30 - 2015-01-26 12:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-07-29 05:45 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-07-29 05:45 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2013-03-19 03:32 - 2013-03-19 03:32 - 0010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-01 11:33

==================== End Of Log ============================
--- --- ---
Regards, Rosana

One more remark on the side: it was extremely difficult for me to write the previous reply, because at every login attempt the Real Solution website opened and made any further browsing impossible. |
09.02.2015, 22:02 | #8 |
| Error message - "Fehler: Server nicht gefunden" Another thing that worries me: Symantec Service Framework... I cannot end the task either, and under that load the laptop of course revs up extremely and is slowed down. |
09.02.2015, 23:22 | #9 |
| Error message - "Fehler: Server nicht gefunden" Hi, sorry, the problem with Norton Internet Security resolved itself after a restart. I then uninstalled the app as well, since it had expired anyway and had only caused problems. Regards, Rosana |
10.02.2015, 15:12 | #10 |
/// the machine /// TB trainer | Error message - "Fehler: Server nicht gefunden" Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.02.2015, 00:22 | #11 |
| Error message - "Fehler: Server nicht gefunden" Hi, Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6999087dcf073d4ba2e12b4845da567d
# engine=22407
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-10 10:31:51
# local_time=2015-02-10 11:31:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34068 13911830 0 0
# scanned=203124
# found=2
# cleaned=0
# scan_time=5015
sh=83B6BBC813135A255B45E83AC509D28D486F76B9 ft=1 fh=ad6981bb4a8cab3a vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\Downloads\Open_office_Setup.exe"
sh=CA3A5B9A38AF995906162E5AFF387234C8A72187 ft=1 fh=6a1ccf49de0a729c vn="Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\Downloads\Pet-Rescue-Saga-lnstall.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Mozilla Firefox (35.0.1) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Samsung (administrator) on ROJAN on 11-02-2015 00:12:00 Running from C:\Users\Samsung\Downloads Loaded Profiles: Samsung (Available profiles: Samsung & Gast) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\HPWA\iBTAudioSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe (Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\LCDModeChecker\LCDModeChecker.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\Intel_ClonePatchTool\Intel_ClonePatchTool.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Windows\SysWOW64\UMonit64.exe () C:\Windows\SysWOW64\UMonit64.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Akamai Technologies, Inc.) C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\HPWA\iBTAudioMon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\Intel_ClonePatchTool\Intel_ClonePatchTool.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkDMS.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe () C:\Program Files\WindowsApps\BuhlDataServiceGmbH.finanzblick_2.2.0.78_neutral__c1haj0axx9sqw\Finanzblick.WinApp.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Samsung\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [53248 2013-05-09] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-06] () HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-09] (Copyright 2013 SAMSUNG) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [Reboot1] => timeout /t 1 HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {25a7139a-601e-11e4-beb8-5c514f267987} - "D:\AutoRun.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {25a713d1-601e-11e4-beb8-5c514f267987} - "F:\AutoRun.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {27cd8275-a882-11e4-bec5-1867b0b6525a} - "G:\SetupWi-Fi.exe" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {8ec44a2f-7e66-11e4-bebb-5c514f267987} - "D:\SETUP.EXE" HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\MountPoints2: {9e28a7b8-6f0a-11e4-beb8-5c514f267987} - "D:\launcher.exe" IFEO\ContentExplorer.exe: [Debugger] TaskList.exe IFEO\internetenhancer.exe: [Debugger] TaskList.exe IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iBTAudioMon.lnk ShortcutTarget: iBTAudioMon.lnk -> C:\Program Files (x86)\Intel\HPWA\iBTAudioMon.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {97B99FDF-AD2F-40D6-98B6-9F64EB81FC8B} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll () ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll () ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {97B99FDF-AD2F-40D6-98B6-9F64EB81FC8B} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
AutoConfigURL: [S-1-5-21-1067650959-623007815-1153489054-1001] => file://C:\Program Files (x86)\Solution Real\bin\Pac9064.js HKU\S-1-5-21-1067650959-623007815-1153489054-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/ HKU\S-1-5-21-1067650959-623007815-1153489054-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com/?pc=smjb SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} SearchScopes: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
Toolbar: HKU\S-1-5-21-1067650959-623007815-1153489054-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\cnhxvxo3.default-1423597717338 FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) FF Extension: Adblock Plus - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\cnhxvxo3.default-1423597717338\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-10] FF HKU\S-1-5-21-1067650959-623007815-1153489054-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.14\AllShareFrameworkManagerDMS.exe [404360 2013-06-18] (Samsung) [File not signed] R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.) R2 iBTAudioSrv; C:\Program Files (x86)\Intel\HPWA\iBTAudioSrv.exe [573384 2014-07-25] (Intel Corporation) R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-06-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-27] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-27] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S4 McComponentHostService; 
C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] () R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-09] (Copyright 2013 SAMSUNG) R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1595440 2013-10-10] (Samsung Electronics CO., LTD.) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-08] (Disc Soft Ltd) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.) 
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic) S3 ibtsdp; C:\Windows\system32\DRIVERS\ibtsdp.sys [40904 2014-07-25] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-06-27] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3479528 2014-08-21] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-10] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-11 00:10 - 2015-02-11 00:10 - 00000757 _____ () C:\Users\Samsung\Desktop\checkup.txt 2015-02-11 00:00 - 2015-02-11 00:00 - 02132992 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64(1).exe 2015-02-10 23:49 - 2015-02-10 23:49 - 00852594 _____ () C:\Users\Samsung\Downloads\SecurityCheck.exe 2015-02-10 21:22 - 2015-02-10 21:23 - 02347384 _____ (ESET) C:\Users\Samsung\Downloads\esetsmartinstaller_deu.exe 2015-02-10 20:48 - 2015-02-10 20:48 - 00000000 ____D () C:\Users\Samsung\Desktop\Alte Firefox-Daten 2015-02-10 20:39 - 2015-02-10 20:39 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-10 20:39 - 2015-02-10 20:39 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-10 20:39 - 2015-02-10 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-10 20:39 - 2015-02-10 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-10 20:23 - 2015-02-10 20:23 - 00243664 _____ () C:\Users\Samsung\Downloads\Firefox Setup Stub 35.0.1.exe 2015-02-09 20:07 - 2015-02-09 20:07 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion 2015-02-09 20:04 - 2015-02-09 20:04 - 00000616 _____ () C:\Users\Samsung\Desktop\JRT.txt 2015-02-08 14:35 - 2015-02-08 14:35 - 00003600 _____ () C:\Users\Samsung\Desktop\AdwCleaner[S0].txt 2015-02-08 14:05 - 2015-02-08 14:23 - 00000000 ____D () C:\AdwCleaner 2015-02-08 14:05 - 2015-02-08 14:05 - 02112512 _____ () C:\Users\Samsung\Downloads\AdwCleaner_4.110.exe 2015-02-07 20:02 - 2015-02-07 20:02 - 00001280 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk 2015-02-07 20:02 - 2015-02-07 20:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-07 20:01 - 2015-02-07 20:02 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Samsung\Downloads\revosetup95.exe 2015-02-06 22:50 - 2015-02-06 22:50 - 00036535 _____ () C:\Users\Samsung\Downloads\Addition.txt 2015-02-06 22:49 - 2015-02-11 00:12 - 00019346 _____ () C:\Users\Samsung\Downloads\FRST.txt 2015-02-06 22:49 - 2015-02-11 00:12 - 00000000 ____D () C:\FRST 2015-02-06 22:48 - 2015-02-09 20:07 - 02132992 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe 2015-02-05 17:18 - 2015-02-05 17:18 - 00037118 _____ () C:\Users\Samsung\Documents\Suchlauf 04.02.2015 Malewarbytes.txt 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Mozilla 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Absolute_Software 2015-02-05 11:19 - 2015-02-05 11:19 - 00000000 _____ () C:\Users\Gast\AppData\Roaming\AbsoluteReminder.xml 2015-02-05 11:18 - 2015-02-05 11:18 - 00001450 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-05 11:18 - 2015-02-05 11:18 - 00001168 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBT Audio Monitor.lnk 2015-02-05 11:18 - 2015-02-05 11:18 - 00000020 ___SH () C:\Users\Gast\ntuser.ini 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Vorlagen 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Startmenü 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder 2015-02-05 11:18 - 
2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\Documents\Meine empfangenen Dateien 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Intel 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\SAMSUNG 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast\.swt 2015-02-05 11:18 - 2015-02-05 11:18 - 00000000 ____D () C:\Users\Gast 2015-02-05 11:18 - 2014-12-07 01:08 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-05 11:18 - 2014-09-24 08:43 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-02-05 11:18 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-02-05 11:18 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-02-05 11:18 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-05 11:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Maintenance 2015-02-04 15:01 - 2015-02-04 15:17 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2015-02-02 23:55 - 2015-02-02 23:55 - 22948022 _____ () C:\Users\Samsung\Desktop\Klettern für Villa Entspania.zip 2015-02-02 23:44 - 2015-02-02 23:44 - 00000000 ____D () C:\Users\Samsung\.android 2015-02-02 23:30 - 2015-02-10 14:35 - 00000000 ____D () C:\Users\Samsung\Desktop\Klettern für Villa Entspania 2015-01-29 16:39 - 2015-01-29 16:39 - 00011085 _____ () C:\Users\Samsung\Documents\Maleware-Scan 29.01.2015.txt 2015-01-29 16:23 - 2015-02-10 20:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-29 16:23 - 2015-01-29 16:23 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-29 16:23 - 2015-01-29 16:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-29 16:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-29 16:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-29 16:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-26 12:30 - 2015-01-26 12:30 - 00000000 ____H () C:\ProgramData\DP45977C.lfl 2015-01-26 12:30 - 2014-08-12 19:23 - 04023768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2015-01-26 12:30 - 2014-08-12 16:53 - 01313211 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2015-01-26 12:30 - 2014-08-08 15:00 - 67562496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat 2015-01-26 12:30 - 2014-08-07 16:54 - 02857328 _____ (Realtek Semiconductor Corp.) 
C:\WINDOWS\system32\RltkAPO64.dll 2015-01-26 12:30 - 2014-08-06 13:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2015-01-26 12:30 - 2014-07-30 15:39 - 00956120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2015-01-26 12:30 - 2014-07-04 11:07 - 01024728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2015-01-26 12:30 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2015-01-26 12:30 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll 2015-01-26 12:30 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll 2015-01-26 12:30 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll 2015-01-26 12:30 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll 2015-01-26 12:30 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) 
C:\WINDOWS\system32\RTSnMg64.cpl 2015-01-26 12:30 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll 2015-01-26 12:30 - 2014-02-06 11:28 - 05804772 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat 2015-01-26 12:30 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2015-01-26 12:30 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2015-01-26 12:30 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll 2015-01-26 12:30 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll 2015-01-26 12:29 - 2015-01-26 12:29 - 00003736 _____ () C:\WINDOWS\System32\Tasks\SettingsHibernateMonitor 2015-01-26 12:29 - 2015-01-26 12:29 - 00003548 _____ () C:\WINDOWS\System32\Tasks\LaunchSettings 2015-01-26 12:29 - 2015-01-26 12:29 - 00000000 ____D () C:\Program Files\Elantech 2015-01-26 12:29 - 2013-07-24 14:57 - 00022832 _____ (ELAN Microelectronic Corp.) 
C:\WINDOWS\system32\Drivers\ETDSMBus.sys 2015-01-26 12:24 - 2015-01-26 12:24 - 00000000 ____D () C:\Program Files\Common Files\Intel 2015-01-26 12:24 - 2015-01-26 12:24 - 00000000 ____D () C:\Program Files (x86)\Cisco 2015-01-26 12:23 - 2015-01-26 12:23 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Samsung 2015-01-26 12:22 - 2015-02-04 14:26 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\BRT 2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Samsung\Documents\Meine empfangenen Dateien 2015-01-26 12:21 - 2015-01-26 12:21 - 00000000 ____D () C:\WINDOWS\RSTLog 2015-01-26 12:20 - 2015-01-26 12:20 - 00003352 _____ () C:\WINDOWS\System32\Tasks\IntelGfxColorWA2 2015-01-26 12:20 - 2015-01-26 12:20 - 00000724 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk 2015-01-26 12:19 - 2015-01-26 12:19 - 00002970 _____ () C:\WINDOWS\System32\Tasks\SamsungLinkPC 2015-01-26 12:18 - 2013-07-31 05:06 - 02214216 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll 2015-01-26 12:17 - 2015-01-26 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2015-01-26 11:46 - 2015-01-26 11:46 - 00027648 _____ () C:\Users\Samsung\Downloads\Rechnung 17.09.2013.xls 2015-01-26 11:44 - 2015-01-26 11:44 - 00033280 _____ () C:\Users\Samsung\Downloads\Rechnung 21. 
Januar 2013.xls 2015-01-25 21:48 - 2015-01-25 21:48 - 00000000 ____D () C:\Program Files\DIFX 2015-01-22 12:53 - 2015-01-22 12:53 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\OpenOffice 2015-01-22 12:39 - 2015-01-22 12:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-01-22 09:54 - 2015-01-22 09:54 - 00022528 _____ () C:\Users\Samsung\AppData\Local\dsisetup1651910152.exe 2015-01-22 09:54 - 2015-01-22 09:54 - 00000001 _____ () C:\Users\Samsung\AppData\Local\DSI.DAT 2015-01-20 17:12 - 2015-01-20 17:12 - 00003768 _____ () C:\WINDOWS\System32\Tasks\RunTool 2015-01-20 14:54 - 2015-01-27 19:55 - 00000132 _____ () C:\Users\Samsung\AppData\Roaming\WB.CFG 2015-01-20 11:57 - 2015-01-20 11:57 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2015-01-20 11:57 - 2015-01-20 11:57 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2015-01-20 11:57 - 2015-01-20 11:57 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-01-20 11:55 - 2015-01-20 11:56 - 00000000 ____D () C:\Users\Samsung\Desktop\OpenOffice 4.1.0 (en-US) Installation Files 2015-01-20 11:53 - 2015-01-20 11:53 - 140910890 _____ () C:\Users\Samsung\Downloads\OpenOfficeSetup.exe 2015-01-20 11:53 - 2015-01-20 11:53 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z 2015-01-20 11:44 - 2015-01-20 11:44 - 00846104 _____ ( ) C:\Users\Samsung\Downloads\Open_office_Setup.exe 2015-01-16 13:12 - 2015-01-16 14:25 - 00000000 ____D () C:\Users\Samsung\Desktop\bw-invest Newsletter 2015-01-16 12:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-16 12:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-16 12:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-16 12:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 
2015-01-16 12:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-16 12:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-16 12:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-16 12:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-16 12:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-16 12:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-16 12:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-16 12:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-16 12:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-16 12:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-16 12:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-16 12:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-16 12:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-16 12:21 - 
2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-16 12:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-16 12:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-16 12:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-16 12:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-16 12:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-16 12:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-16 12:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-16 12:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-14 17:11 - 2015-01-14 17:11 - 00000000 ____D () C:\Users\Samsung\AppData\Local\580d2d6e-6e24-4802-b686-426a4bb47fef ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-11 00:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-11 00:02 - 2014-11-26 17:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-10 23:57 - 2014-10-26 00:39 - 01837635 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-10 21:21 - 2014-11-17 12:15 - 00000000 ____D () C:\Users\Samsung\OneDrive 2015-02-10 21:10 - 2013-11-09 07:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1067650959-623007815-1153489054-1001 2015-02-10 21:04 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-10 21:04 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-10 21:04 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-10 21:03 - 2013-07-29 05:42 - 00000000 ____D () C:\ProgramData\WinClon 2015-02-10 21:00 - 2014-10-23 13:43 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2015-02-10 21:00 - 2014-09-23 22:06 - 00761512 _____ () C:\WINDOWS\PFRO.log 2015-02-10 21:00 - 2013-08-22 15:46 - 00352332 _____ () C:\WINDOWS\setupact.log 2015-02-10 21:00 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-10 21:00 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-10 21:00 - 2013-07-29 05:53 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2015-02-10 21:00 - 2013-07-29 05:41 - 00000000 ____D () C:\ProgramData\Norton 2015-02-10 20:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-10 20:58 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2015-02-10 20:34 - 2014-10-27 11:57 - 00244408 _____ () C:\Users\Samsung\Downloads\Firefox Setup Stub 33.0.exe 2015-02-10 17:00 - 2013-11-13 02:37 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CrashDumps 2015-02-09 22:42 - 2013-11-09 03:20 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Packages 2015-02-09 22:42 - 2013-08-22 16:36 - 00000000 
____D () C:\WINDOWS\AppReadiness 2015-02-04 22:02 - 2014-11-26 17:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-04 14:29 - 2013-11-09 03:21 - 00035528 _____ () C:\Users\Samsung\AppData\Roaming\AbsoluteReminder.xml 2015-02-04 14:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\security 2015-02-04 14:03 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini 2015-02-04 13:10 - 2014-10-27 10:10 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FD16278B-F34C-432A-BD3D-7A7390862BE8} 2015-02-02 23:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-02 23:44 - 2014-10-25 12:51 - 00000000 ____D () C:\Users\Samsung 2015-01-30 14:14 - 2014-11-18 10:07 - 00000000 ____D () C:\WINDOWS\SysWOW64\SupportAppPBHostless Modem 2015-01-30 14:14 - 2014-11-18 10:07 - 00000000 ____D () C:\Program Files (x86)\Hostless Modem 2015-01-27 20:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-26 12:30 - 2014-10-25 12:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-01-26 12:30 - 2013-07-29 05:38 - 00000206 _____ () C:\setup.log 2015-01-26 12:30 - 2013-07-29 04:01 - 00002787 _____ () C:\RHDSetup.log 2015-01-26 12:30 - 2013-07-29 04:01 - 00000000 ___HD () C:\Program Files (x86)\Temp 2015-01-26 12:29 - 2014-10-26 00:41 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-01-26 12:29 - 2013-07-29 05:53 - 00016352 _____ () C:\WINDOWS\system32\results.xml 2015-01-26 12:29 - 2013-07-29 04:03 - 00079470 _____ () C:\WINDOWS\DPINST.LOG 2015-01-26 12:29 - 2013-07-29 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-26 12:29 - 2013-07-29 04:01 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-26 12:25 - 2013-07-29 05:09 - 00000000 ____D () C:\Intel 2015-01-26 12:25 - 2013-07-29 04:03 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-26 12:25 - 2013-07-29 04:03 - 00000000 ____D () C:\ProgramData\Intel 
2015-01-26 12:25 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-01-26 12:24 - 2014-10-25 12:49 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-01-26 12:23 - 2014-10-25 12:49 - 00000000 ____D () C:\Program Files\Intel 2015-01-26 12:22 - 2013-08-22 15:46 - 00001196 _____ () C:\WINDOWS\setuperr.log 2015-01-26 12:21 - 2013-11-09 03:21 - 00001168 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBT Audio Monitor.lnk 2015-01-26 12:20 - 2013-07-29 05:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-26 12:20 - 2013-07-29 04:01 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-24 21:20 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 12:51 - 2014-11-24 11:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2015-01-20 20:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2015-01-20 12:01 - 2013-08-22 15:44 - 00411080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-20 12:00 - 2013-11-16 10:19 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-20 11:58 - 2013-11-16 10:19 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2013-11-09 03:21 - 2015-02-04 14:29 - 0035528 _____ () C:\Users\Samsung\AppData\Roaming\AbsoluteReminder.xml 2014-10-30 11:30 - 2014-10-30 11:30 - 0076976 _____ () C:\Users\Samsung\AppData\Roaming\LoJackSetup.exe 2015-01-20 14:54 - 2015-01-27 19:55 - 0000132 _____ () C:\Users\Samsung\AppData\Roaming\WB.CFG 2015-01-22 09:54 - 2015-01-22 09:54 - 0000001 _____ () C:\Users\Samsung\AppData\Local\DSI.DAT 2015-01-22 09:54 - 2015-01-22 09:54 - 0022528 _____ () C:\Users\Samsung\AppData\Local\dsisetup1651910152.exe 2015-01-26 12:30 - 
2015-01-26 12:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-07-29 05:45 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-07-29 05:45 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml 2013-03-19 03:32 - 2013-03-19 03:32 - 0010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-10 14:26 ==================== End Of Log ============================ --- --- --- Kind regards, Rosana |
11.02.2015, 16:40 | #12 |
/// the machine /// TB trainer | Error message - "Fehler: Server nicht gefunden" Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
C:\Users\Samsung\Downloads\Open_office_Setup.exe
C:\Users\Samsung\Downloads\Pet-Rescue-Saga-lnstall.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.02.2015, 20:59 | #13 |
| Error message - "Fehler: Server nicht gefunden" Hi, Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02 Ran by Samsung at 2015-02-11 20:45:12 Run:1 Running from C:\Users\Samsung\Desktop Loaded Profiles: Samsung (Available profiles: Samsung & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Samsung\Downloads\Open_office_Setup.exe C:\Users\Samsung\Downloads\Pet-Rescue-Saga-lnstall.exe IFEO\ContentExplorer.exe: [Debugger] TaskList.exe IFEO\internetenhancer.exe: [Debugger] TaskList.exe IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Emptytemp: ***************** C:\Users\Samsung\Downloads\Open_office_Setup.exe => Moved successfully. C:\Users\Samsung\Downloads\Pet-Rescue-Saga-lnstall.exe => Moved successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => Key deleted successfully. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => Key deleted successfully. C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. EmptyTemp: => Removed 148.9 MB temporary data. The system needed a reboot. ==== End of Fixlog 20:45:21 ==== |
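A check that could be run over a Fixlog like the one posted above, as an added example that is not part of the thread and not FRST's own code: it flags result lines whose status is not one of the success strings seen in this log, and fixlist entries that have no matching result line. The function names are hypothetical, and the sample log is constructed from the entries above with one failing status and one missing result introduced.

```python
import re

# Success statuses seen in the Fixlog above; any other status is flagged for review.
OK_STATUS = re.compile(r"(Moved|Key deleted) successfully\.$|Removed [\d.]+ [KMG]B temporary data\.$")
IFEO_KEY = r"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options"

# Constructed sample: log entries from above, plus one failing status and one missing result.
SAMPLE = r"""
*****************
C:\Users\Samsung\Downloads\Open_office_Setup.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
Emptytemp:
*****************
C:\Users\Samsung\Downloads\Open_office_Setup.exe => not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => Key deleted successfully.
EmptyTemp: => Removed 148.9 MB temporary data.
"""

def split_fixlog(text):
    """Return (directives, results); the fixlist sits between two rows of asterisks."""
    directives, results, section = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            section += 1
        elif section == 1 and line:
            directives.append(line)
        elif section == 2 and " => " in line:
            target, status = line.split(" => ", 1)
            results.append((target.strip('" ').rstrip(":"), status))
    return directives, results

def expected_target(directive):
    """Target a directive's result line should name, or None when there is no 1:1 mapping."""
    ifeo = re.match(r"IFEO\\([^:]+):", directive)
    if ifeo:
        return IFEO_KEY + "\\" + ifeo.group(1)
    return directive if re.match(r"[A-Za-z]:\\", directive) else None

def review(text):
    """List (item, reason) pairs a helper should look at before closing the thread."""
    directives, results = split_fixlog(text)
    seen = {target.lower() for target, _ in results}
    problems = [(t, s) for t, s in results if not OK_STATUS.search(s)]
    for d in directives:
        want = expected_target(d)
        if want and want.lower() not in seen:
            problems.append((d, "no result line"))
    return problems
```

Calling `review(SAMPLE)` returns the file whose status is not a known success string and the IFEO directive that has no result line.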
12.02.2015, 06:58 | #14 |
/// the machine /// TB trainer | Error message - "Fehler: Server nicht gefunden" done
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |