Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   langsamer rechner, hängt sich immer wieder auf (https://www.trojaner-board.de/167463-langsamer-rechner-haengt-immer.html)

humphrey24 01.06.2015 11:33
langsamer rechner, hängt sich immer wieder auf
 
hallo,


mein rechner wird zunehmend langsamer und hängt sich immer wieder auf. ich freue mich auf hilfe.

beste grüße

Aneri 01.06.2015 11:58
Hallo willommen

Bitte fűhre die Programme als Admin aus... poste die Logfiles bitte in Code Tags. Da du ja schon Erfahrung hast sparen wir uns die Erklärungen...

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


humphrey24 01.06.2015 12:19
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Boris (administrator) on BORIS-PC on 01-06-2015 13:13:14
Running from C:\Users\Boris\Downloads
Loaded Profiles: Boris (Available Profiles: Boris)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2013-05-23] (SMART Technologies ULC.)
Toolbar: HKLM - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll [2011-06-22] (SMART Technologies ULC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-images.xml [2014-11-30]
FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-maps.xml [2014-11-30]
FF Extension: Test Pilot - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-11-02]
FF Extension: GMX MailCheck - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\toolbar@gmx.net.xpi [2012-10-16]
FF Extension: No Name - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-02]
FF HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-27]
CHR Extension: (Google Docs) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
CHR Extension: (Google Drive) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
CHR Extension: (YouTube) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
CHR Extension: (Google Search) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
CHR Extension: (Google Sheets) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-27]
CHR Extension: (Bookmark Manager) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR Extension: (Gmail) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-08-15] (Flexera Software LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-01-09] (Microsoft)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed]
R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-23] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies)
R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Boris\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VMC302; System32\Drivers\VMC302.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 13:13 - 2015-06-01 13:13 - 00014752 _____ () C:\Users\Boris\Downloads\FRST.txt
2015-06-01 13:13 - 2015-06-01 13:13 - 00000000 ____D () C:\FRST
2015-06-01 13:12 - 2015-06-01 13:12 - 01147392 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe
2015-05-27 15:22 - 2015-05-27 15:22 - 01197344 _____ () C:\Users\Boris\Downloads\odp-3.2-bin-windows-en-US - CHIP-Installer.exe
2015-05-26 22:56 - 2015-05-26 22:56 - 00000000 ____D () C:\ProgramData\WindowsSearch
2015-05-18 16:38 - 2015-05-18 16:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-14 00:09 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 00:04 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 00:04 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 00:04 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 00:04 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 00:04 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 00:04 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 00:03 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:48 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:12 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:12 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:12 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:12 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:12 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:12 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:12 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:12 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:12 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:12 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:12 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:12 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:12 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 15:12 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:12 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:12 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:12 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:12 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:12 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:12 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 15:12 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 15:12 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 13:06 - 2012-07-30 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 12:28 - 2008-06-20 04:48 - 01412798 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 11:39 - 2014-12-27 22:28 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 11:39 - 2008-08-02 17:23 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-06-01 11:39 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 11:39 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 11:38 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 01:52 - 2008-04-16 01:00 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-06-01 01:52 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-29 20:17 - 2014-09-09 22:55 - 00000000 ____D () C:\Users\Boris\AppData\Local\Adobe
2015-05-29 20:16 - 2012-07-30 16:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-29 20:16 - 2012-07-30 16:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-28 09:46 - 2014-12-23 01:09 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Skype
2015-05-27 19:40 - 2014-12-23 01:08 - 00000000 ____D () C:\ProgramData\Skype
2015-05-27 19:37 - 2008-08-02 17:23 - 00104280 _____ () C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-27 19:35 - 2006-11-02 14:47 - 00388520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 23:02 - 2008-08-03 10:16 - 00002623 _____ () C:\Users\Boris\Desktop\Microsoft Word.lnk
2015-05-26 17:16 - 2008-08-02 17:20 - 00000000 ____D () C:\Users\Boris
2015-05-26 14:57 - 2014-12-27 22:29 - 00001969 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-19 14:58 - 2014-12-27 22:28 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 18:39 - 2012-11-12 18:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 12:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 00:47 - 2014-12-23 23:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 00:09 - 2012-11-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-14 00:08 - 2012-11-13 17:46 - 00001832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 00:07 - 2012-11-13 17:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 00:02 - 2013-07-14 17:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 23:52 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-13 23:47 - 2014-12-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 23:31 - 2013-03-29 13:47 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-13 20:00 - 2014-12-23 01:08 - 00000000 ___RD () C:\Program Files\Skype

==================== Files in the root of some directories =======

2012-11-03 03:27 - 2012-11-03 03:27 - 0017089 _____ () C:\Users\Boris\AppData\Roaming\UserTile.png
2013-09-11 18:37 - 2013-09-11 18:37 - 0000680 _____ () C:\Users\Boris\AppData\Local\d3d9caps.dat
2012-10-11 09:30 - 2014-12-21 12:30 - 0005632 _____ () C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 11:45

==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Boris at 2015-06-01 13:14:00
Running from C:\Users\Boris\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1411231321-3497987553-1682086313-500 - Administrator - Disabled)
Boris (S-1-5-21-1411231321-3497987553-1682086313-1003 - Administrator - Enabled) => C:\Users\Boris
Gast (S-1-5-21-1411231321-3497987553-1682086313-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ANSTOSS 2 (HKLM\...\ANSTOSS 2) (Version:  - )
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
ATI Catalyst Install Manager (HKLM\...\{9DCC214C-CD1A-1115-6775-A9056185FE4E}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
AVStation Now (HKLM\...\InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}) (Version: 4.0.10.6 - Ihr Firmenname)
AVStation Now (Version: 4.0.10.6 - Ihr Firmenname) Hidden
Catalyst Control Center - Branding (HKLM\...\{2433BAD7-453F-473D-BE81-455E68940DEB}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0318.2139.36886 - Ihr Firmenname) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
doPDF (Version: 8.1.922 - Softland) Hidden
doPDF 8 (HKLM\...\{203db349-8f91-4d14-8a94-0966e8933881}) (Version: 8.1.922 - Softland)
Dropbox (HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2103 - CyberLink Corporation)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
LabelPrint 2.0 (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version:  - )
LightScribe  1.8.15.1 (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{7187CC63-D4F5-4854-9946-BBC8AF45D45C}) (Version: 8.1.922 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{70EB3A38-9B31-4978-9EA9-C5E73527052D}) (Version: 8.1.922 - Softland)
Pelikan Schulschriften (HKLM\...\Vereinfachte Ausgangsschrift VA_is1) (Version:  - Will Software)
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.47 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.47 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )
PlayMemories Home (HKLM\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2802.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074429(3.7)_Vista_SSPC - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5433 - Realtek Semiconductor Corp.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Skins (Version: 2008.0318.2139.36886 - ATI) Hidden
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SMART Common Files (HKLM\...\{9057211D-439A-4C0D-95DE-498CF54ADF8C}) (Version: 11.3.267.0 - SMART Technologies ULC)
SMART English (United Kingdom) Language Pack (HKLM\...\{2B2404AA-35DF-4BF3-A8F2-BAFC8F7174C5}) (Version: 11.2.29.0 - SMART Technologies ULC)
SMART German Language Pack (HKLM\...\{FE34C5E6-CC3D-4C26-969A-0C2CAFB34658}) (Version: 11.2.29.0 - SMART Technologies ULC)
SMART Ink (HKLM\...\{F0E390A2-AB03-4077-83C4-F12D3A65493D}) (Version: 1.1.549.1 - SMART Technologies ULC)
SMART Notebook (HKLM\...\{82E3F365-86BD-4EA8-80CA-F498EBE89537}) (Version: 11.2.637.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM\...\{E91FBB79-D736-4834-A1AB-2A5CDD2DB7E7}) (Version: 11.1.669.0 - SMART Technologies ULC)
SMART Sync Teacher (HKLM\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - WIDCOMM, Inc.)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WINZD 2013-08 Rev. 2 (HKLM\...\WINZD_is1) (Version:  - R. Aquila, F. Ostermeier)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Boris\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File

==================== Restore Points =========================

18-05-2015 14:59:36 Windows Update
20-05-2015 00:17:29 Geplanter Prüfpunkt
21-05-2015 00:00:06 Geplanter Prüfpunkt
21-05-2015 19:57:05 Windows Update
22-05-2015 12:48:48 Geplanter Prüfpunkt
25-05-2015 23:26:00 Windows Update
27-05-2015 17:17:26 Geplanter Prüfpunkt
28-05-2015 20:16:08 Geplanter Prüfpunkt
29-05-2015 11:51:19 Geplanter Prüfpunkt
29-05-2015 19:25:23 Windows Update
30-05-2015 18:30:48 Geplanter Prüfpunkt
31-05-2015 20:00:22 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26BB6DB7-086C-40DD-A65C-AF93924FF028} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2A4D15FE-A6A3-431A-9B29-B99542F8855A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-19] (Microsoft Corporation)
Task: {2AA082C7-4803-4954-B360-FF0E5BC76E68} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.)
Task: {363EAC71-3177-46E4-BC1D-BF3A95D66F63} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-01-09] ()
Task: {502ABAE2-A3CC-4D88-BE25-88B61A02AE97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: {82583C58-CBA8-4AC1-A74E-8CE24ADE034E} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.)
Task: {892E0D52-AE03-47D7-AF89-5B50DF16F46D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-29] (Adobe Systems Incorporated)
Task: {C66E8DD8-A324-45BA-999D-B635600D72CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: {E99D3AFB-F7A8-4342-83DF-318615AF5CEB} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {EC7BFDA4-4533-4C92-95E6-2AFF5B0DDB81} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.)
Task: {F8A5340B-69BF-4AEE-9F50-6E30203EF659} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics)
Task: {FE114039-ADE6-4B13-8E0E-095655FF0D95} - System32\Tasks\{B56416D4-2ECB-427D-9578-EA8B77933930} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.80.102/de/abandoninstall?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-04-15 07:40 - 2008-03-18 15:04 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2015-01-09 14:35 - 2015-01-09 14:35 - 00129304 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll
2008-04-16 03:14 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-04-16 01:43 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2008-04-16 01:37 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-04-16 01:37 - 2006-09-19 02:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2008-04-16 01:22 - 2006-12-19 15:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-03-18 05:21 - 2008-03-18 05:21 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\100sexlinks.com -> 100sexlinks.com

There are 5968 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Boris\Pictures\Unbenannt.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk => C:\Windows\pss\BTTray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Boris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: sbsdk-server => "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMART Board Service => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d
MSCONFIG\startupreg: SMART Board Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe"
MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
MSCONFIG\startupreg: SMART SNMP Agent => "C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" -e
MSCONFIG\startupreg: SMARTClassroomCoordinator.exe => "C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe"
MSCONFIG\startupreg: VantageService => "C:\Program Files\SMART Technologies\Education Software\VantageService.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{363FD5FE-625A-48E2-9C24-9A2958B5E415}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{F73EF69F-978F-4BB1-9C41-B449AB7EF792}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [TCP Query User{369E448A-D8F7-4BA0-9DFE-538158E67071}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F7880D89-7C9D-471D-A100-A64E6667B713}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{584DA8A5-CFDD-4EFA-B81C-675C9FA54D35}] => (Allow) C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B650F765-347A-47F0-A3D5-E858C44467FD}] => (Allow) C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EA9E3BA5-0C6D-4AC6-A611-9389435C59BA}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{972B5D3D-D968-42EE-A585-BF8352039899}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [{4CDA5B6D-1758-4634-A7FD-0A4A4883D7F3}] => (Allow) LPort=80
FirewallRules: [{70908495-9F51-4D56-B4D9-E420EE25A7EB}] => (Allow) LPort=80
FirewallRules: [{9D0F47CA-BDB4-4577-8347-26367C373B51}] => (Allow) LPort=80
FirewallRules: [TCP Query User{DEAAEB4C-D44D-43B6-9604-1A44DB8EA580}C:\program files\smart technologies\education software\vantageservice.exe] => (Block) C:\program files\smart technologies\education software\vantageservice.exe
FirewallRules: [UDP Query User{2DC16E83-CF15-430B-9B0F-F8E0D2FB7056}C:\program files\smart technologies\education software\vantageservice.exe] => (Block) C:\program files\smart technologies\education software\vantageservice.exe
FirewallRules: [TCP Query User{ADEA3ADC-25D9-49CA-9BA1-BE5B0BFF2D3A}C:\program files\smart technologies\education software\smartsnmpagent.exe] => (Block) C:\program files\smart technologies\education software\smartsnmpagent.exe
FirewallRules: [UDP Query User{060867F9-9894-4EE6-B99B-CCD6C7DFC45F}C:\program files\smart technologies\education software\smartsnmpagent.exe] => (Block) C:\program files\smart technologies\education software\smartsnmpagent.exe
FirewallRules: [{A5134779-AB27-48FF-9E31-8F673CEB5D1A}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe
FirewallRules: [{27165A7D-1928-4AB9-9A9D-AEBC3CE927EC}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe
FirewallRules: [{53B9088F-04EA-4A10-AEFE-690AB04E23E5}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{0B985889-957B-441A-830A-402F0BA50A48}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{5463188D-1BEF-4141-80B1-0F4A33EE53E9}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{941306F9-CD40-48A7-8A8D-00C65D4AF217}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{F3845559-260E-4878-86AB-92E29080E577}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{02BE2363-1B5E-4A0C-A590-5C799AC14613}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{AA091F8E-5968-4068-9779-81CE1319020D}] => (Allow) C:\Program Files\SMART Technologies\Education Software\VantageService.exe
FirewallRules: [{3DC02466-FDD0-4ADB-82E0-6AA29EBA5AC5}] => (Allow) C:\Program Files\SMART Technologies\Education Software\VantageService.exe
FirewallRules: [TCP Query User{A8C27D0E-EA68-4D0E-982C-264B14BF3731}C:\program files\smart technologies\education software\responsesoftwareservice.exe] => (Block) C:\program files\smart technologies\education software\responsesoftwareservice.exe
FirewallRules: [UDP Query User{99D748DD-4E51-4F52-8582-CF1E231DCF1A}C:\program files\smart technologies\education software\responsesoftwareservice.exe] => (Block) C:\program files\smart technologies\education software\responsesoftwareservice.exe
FirewallRules: [{D249E997-65F8-4591-A762-96C710C09B94}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9499DEEF-5760-4E22-AB04-526C2A22FC63}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{96965F50-58EE-4DDD-8B0C-51DCE0C1D671}] => (Allow) LPort=8501
FirewallRules: [{2E9792F4-5793-4435-8BC0-75D2024B2E87}] => (Allow) LPort=8501
FirewallRules: [TCP Query User{A9B767FD-FE00-4538-BF7D-B15E297ED7D9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{01732457-95C3-4E92-BF7B-63A5BACF5500}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{B28C0FE3-0D7C-47DD-B49F-6A12E10C3A25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{23590C37-414B-4E7A-9713-87709133D492}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BB975426-58BE-4DB8-A4D1-F8962CB97B7B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2015 01:52:29 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/31/2015 02:22:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/30/2015 00:28:20 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/29/2015 11:57:24 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/29/2015 09:25:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/29/2015 03:40:49 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/28/2015 09:46:46 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (06/01/2015 11:54:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.199.1401.0){BE66F658-5D79-449D-8B9A-D1B7F866C87E}201

Error: (06/01/2015 11:53:17 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 0.0.0.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/01/2015 11:53:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion:

        Aktualisierungsquelle: %NT-AUTORITÄT15

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/01/2015 11:53:04 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.199.1401.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/01/2015 11:53:01 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion:

        Aktualisierungsquelle: %NT-AUTORITÄT15

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/01/2015 11:40:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/30/2015 11:48:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.199.1335.0){33752E1E-CFA0-4B39-8932-9A5772915A11}201

Error: (05/30/2015 11:47:22 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 0.0.0.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/30/2015 11:47:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion:

        Aktualisierungsquelle: %NT-AUTORITÄT15

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/30/2015 11:47:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.199.1335.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office:
=========================
Error: (06/01/2015 01:52:29 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/31/2015 02:22:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP

Error: (05/30/2015 00:28:20 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/29/2015 11:57:24 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-TO_DELETE

Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING

Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING

Error: (05/29/2015 09:25:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP

Error: (05/29/2015 03:40:49 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/28/2015 09:46:46 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\BORIS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES


CodeIntegrity Errors:
===================================
  Date: 2014-12-23 13:49:29.576
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-23 13:49:28.938
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-23 13:49:28.281
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-23 13:49:27.688
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-23 13:49:26.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-23 13:49:26.133
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-23 13:49:25.532
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-23 13:49:24.938
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-31 13:29:37.054
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-31 13:29:36.473
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 39%
Total physical RAM: 3069.45 MB
Available physical RAM: 1869.04 MB
Total Pagefile: 6379.29 MB
Available Pagefile: 5074.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.46 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.88 GB) (Free:47.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:111 GB) (Free:110.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: BD17C37C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=111.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

==================== End of log ============================

Aneri 02.06.2015 21:04
Hi ich hab dich nicht vergessen.. Antwort kommt schnellstmoeglich

Aneri 03.06.2015 18:26
Hi

Schritt 1:
deinstalliere deine Version von Malwarebytes Antimalware. Hier ist eine Daten beschädigt.

Schritt 2:
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Schritt 3:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
AlternateDataStreams[/COLOR]: C:\ProgramData\TEMP:5C321E34
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 4:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 5:

erstelle bitte ein neues FRST Logfile und poste es hier. Verbessert sich das Verhalten deines Systems.

Aneri 11.06.2015 17:26

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

humphrey24 11.06.2015 22:38
hallo,

habe einfach nicht bemerkt, dass du schon längst geschrieben hast

grüße

Code:
Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Boris at 2015-06-11 22:57:45 Run:1
Running from C:\Users\Boris\Downloads
Loaded Profiles: Boris (Available Profiles: Boris)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************

HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
EmptyTemp: => 633.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:58:20 ====
Code:
# AdwCleaner v4.206 - Bericht erstellt 11/06/2015 um 23:10:11
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Boris - BORIS-PC
# Gestarted von : C:\Users\Boris\Downloads\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Boris\Desktop\hosts
Ordner Gelöscht : C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Datei Gelöscht : C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
Datei Gelöscht : C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT
Datei Gelöscht : C:\Users\Boris\AppData\Roaming\GDIPFONTCACHEV1.DAT

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{58F249C9-6D95-4CA5-B911-63FE6923246D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4662AFB-2596-4C42-8F56-A313C2823C0F}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16659


-\\ Mozilla Firefox v38.0.5 (x86 de)


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [1685 Bytes] - [11/06/2015 23:06:29]
AdwCleaner[S0].txt - [1522 Bytes] - [11/06/2015 23:10:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1581  Bytes] ##########
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Boris (administrator) on BORIS-PC on 11-06-2015 23:31:53
Running from c:\Users\Boris\Downloads
Loaded Profiles: Boris (Available Profiles: Boris)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2013-05-23] (SMART Technologies ULC.)
Toolbar: HKLM - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll [2011-06-22] (SMART Technologies ULC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-images.xml [2014-11-30]
FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-maps.xml [2014-11-30]
FF Extension: Test Pilot - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-11-02]
FF Extension: GMX MailCheck - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\toolbar@gmx.net.xpi [2012-10-16]
FF Extension: No Name - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-02]
FF HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-27]
CHR Extension: (Google Docs) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
CHR Extension: (Google Drive) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
CHR Extension: (YouTube) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
CHR Extension: (Google Search) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
CHR Extension: (Google Sheets) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-27]
CHR Extension: (Bookmark Manager) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR Extension: (Gmail) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-08-15] (Flexera Software LLC)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-01-09] (Microsoft)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed]
R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies)
R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Boris\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VMC302; System32\Drivers\VMC302.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 23:26 - 2015-06-11 23:26 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-11 23:26 - 2015-06-11 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-11 23:26 - 2015-06-11 23:26 - 00000000 ____D C:\Program Files\CCleaner
2015-06-11 23:24 - 2015-06-11 23:24 - 06549184 _____ (Piriform Ltd) C:\Users\Boris\Downloads\ccsetup506.exe
2015-06-11 23:12 - 2015-06-11 23:12 - 00104280 _____ C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-11 23:05 - 2015-06-11 23:10 - 00000000 ____D C:\AdwCleaner
2015-06-11 23:05 - 2015-06-11 23:05 - 02231296 _____ C:\Users\Boris\Downloads\AdwCleaner_4.206.exe
2015-06-11 22:57 - 2015-06-11 22:57 - 00000000 ____D C:\Users\Boris\Downloads\FRST-OlderVersion
2015-06-11 22:56 - 2015-06-11 22:56 - 00000070 _____ C:\Users\Public\Downloads\FRST.txt
2015-06-11 22:11 - 2015-06-11 22:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-11 22:07 - 2015-06-11 22:47 - 00000000 ____D C:\Users\Boris\Desktop\mbar
2015-06-11 22:06 - 2015-06-11 22:06 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Boris\Downloads\mbar-1.09.1.1004(1).exe
2015-06-11 22:05 - 2015-06-11 22:06 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Boris\Downloads\mbar-1.09.1.1004.exe
2015-06-11 22:03 - 2015-06-11 22:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-11 22:03 - 2015-06-11 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-11 22:03 - 2015-06-11 22:03 - 00000905 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-11 22:03 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-11 22:03 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-11 22:02 - 2015-06-11 22:02 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-11 12:46 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 12:45 - 2015-05-21 16:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 12:45 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-11 12:43 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-11 12:43 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-11 12:43 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-11 12:43 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-11 12:43 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 23:32 - 2015-06-10 23:32 - 00000000 ____D C:\Users\Boris\AppData\Local\Microsoft Games
2015-06-10 17:18 - 2015-05-31 02:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 17:18 - 2015-05-31 01:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 17:18 - 2015-05-31 01:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 17:18 - 2015-05-31 01:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 17:18 - 2015-05-31 01:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 17:18 - 2015-05-31 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 17:18 - 2015-05-31 01:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 17:18 - 2015-05-31 01:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 17:18 - 2015-05-31 01:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 17:18 - 2015-05-31 01:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 17:18 - 2015-05-31 01:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 17:18 - 2015-05-31 01:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 17:18 - 2015-05-31 01:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-10 17:18 - 2015-05-31 01:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 17:18 - 2015-05-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 17:18 - 2015-05-31 01:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 17:18 - 2015-05-31 01:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-10 17:18 - 2015-05-31 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 17:18 - 2015-05-31 01:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 17:18 - 2015-05-31 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 17:18 - 2015-05-31 01:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-10 17:18 - 2015-05-31 01:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-03 13:45 - 2015-06-04 08:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-01 13:14 - 2015-06-01 13:15 - 00042287 _____ C:\Users\Boris\Downloads\Addition.txt
2015-06-01 13:13 - 2015-06-11 23:32 - 00000000 ____D C:\FRST
2015-06-01 13:13 - 2015-06-11 23:31 - 00014977 _____ C:\Users\Boris\Downloads\FRST.txt
2015-06-01 13:12 - 2015-06-11 22:57 - 01147904 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe
2015-05-27 15:22 - 2015-05-27 15:22 - 01197344 _____ C:\Users\Boris\Downloads\odp-3.2-bin-windows-en-US - CHIP-Installer.exe
2015-05-26 22:56 - 2015-05-26 22:56 - 00000000 ____D C:\ProgramData\WindowsSearch
2015-05-14 00:09 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 00:04 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 00:04 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 00:04 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 00:04 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 00:04 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 00:04 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 00:03 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:48 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 23:30 - 2008-06-20 04:48 - 01955087 _____ C:\Windows\WindowsUpdate.log
2015-06-11 23:12 - 2014-12-27 22:28 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 23:12 - 2008-08-02 17:23 - 00000000 ____D C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-06-11 23:12 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-11 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-11 23:11 - 2008-04-16 01:00 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-06-11 23:11 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-11 23:06 - 2012-07-30 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 13:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-06-11 12:57 - 2006-11-02 14:47 - 00388520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 12:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-10 19:47 - 2008-08-03 10:16 - 00002623 _____ C:\Users\Boris\Desktop\Microsoft Word.lnk
2015-06-09 21:54 - 2012-07-30 16:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-09 21:54 - 2012-07-30 16:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 18:55 - 2014-12-27 22:29 - 00001969 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-04 08:36 - 2012-11-12 18:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-29 20:17 - 2014-09-09 22:55 - 00000000 ____D C:\Users\Boris\AppData\Local\Adobe
2015-05-28 09:46 - 2014-12-23 01:09 - 00000000 ____D C:\Users\Boris\AppData\Roaming\Skype
2015-05-27 19:40 - 2014-12-23 01:08 - 00000000 ____D C:\ProgramData\Skype
2015-05-26 17:16 - 2008-08-02 17:20 - 00000000 ____D C:\Users\Boris
2015-05-19 14:58 - 2014-12-27 22:28 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 12:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 00:47 - 2014-12-23 23:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 00:09 - 2012-11-13 17:46 - 00001912 _____ C:\Windows\epplauncher.mif
2015-05-14 00:08 - 2012-11-13 17:46 - 00001832 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 00:07 - 2012-11-13 17:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-14 00:02 - 2013-07-14 17:29 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 23:52 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-13 23:47 - 2014-12-23 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 23:31 - 2013-03-29 13:47 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-13 20:00 - 2014-12-23 01:08 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2012-11-03 03:27 - 2012-11-03 03:27 - 0017089 _____ () C:\Users\Boris\AppData\Roaming\UserTile.png
2013-09-11 18:37 - 2013-09-11 18:37 - 0000680 _____ () C:\Users\Boris\AppData\Local\d3d9caps.dat
2012-10-11 09:30 - 2014-12-21 12:30 - 0005632 _____ () C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Boris\AppData\Local\Temp\Quarantine.exe
C:\Users\Boris\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-11 23:18

==================== End of log ============================
so, das ist alles was ich hab:)

Aneri 12.06.2015 19:11
Hi...

Die Rückmeldung über das Systemverhalten ist noch offen ☺
Sag noch bescheid ob sich bereits etwas verändert hat.

humphrey24 12.06.2015 19:15
hallo,


es hat sich etwas getan. ist aber trotzdem noch nicht auf dem alten level; d.h. lange ladezeit z.b. für gmx etc.

danke trotzdem schonmal:)

Aneri 14.06.2015 19:13
Hi,

Schritt 1:

dein MBAR Logfile fehlt noch. Hat hier alles geklappt?


Schritt 2:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


humphrey24 14.06.2015 20:04
hallo,

mbar mäßig wurden keinerlei bedrohungen gefunden.

ich mal mal den eset:)

humphrey24 17.06.2015 18:49
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8587809f51c2eb4b82932ffe0d0abe22
# end=init
# utc_time=2015-06-16 11:06:25
# local_time=2015-06-16 01:06:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 24350
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8587809f51c2eb4b82932ffe0d0abe22
# end=updated
# utc_time=2015-06-16 11:09:40
# local_time=2015-06-16 01:09:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8587809f51c2eb4b82932ffe0d0abe22
# engine=24350
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-16 12:25:10
# local_time=2015-06-16 02:25:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2902631 105747532 0 0
# scanned=156854
# found=7
# cleaned=7
# scan_time=4530
sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\AppData\Local\Temp\DMR\dmr_72.exe"
sh=987C105596E1851BDA516A0B291F80060F1A302C ft=1 fh=6ba17f86d3d5e0e6 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\avira_free_antivirus_de.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\ccsetup501.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\ccsetup502.exe"
sh=012CB3E628C9FAC1159A4BA01F79C6C905757FF9 ft=1 fh=2ab5bfb1b985039b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\ccsetup506.exe"
sh=7EB438E10CA18B4FED809AF8FABE03196E15A2CC ft=1 fh=358be14d67fe68cc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\odp-3.2-bin-windows-en-US - CHIP-Installer.exe"
sh=6CBA0E0599CAA7A76B91B672EE8EF08C3C4DBDFF ft=1 fh=8a09855d7c1e65c2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\Vista Shutdown Timer - CHIP-Installer.exe"
nun habe ich noch eine andere schwierigkei bekommen: in der taskleiste ist der lautsprecher komplett verschwunden. er lässt sich auch in der systemsteuerung gar nicht mehr anklicken. im gegensatz zu bsp. uhr oder energielevel.
ist der aus versehen gelöscht worden? kann eigentlich nicht sein?!

grüße

hinzu kommt übrigens, dass, auch nach eset, die ladezeit immer noch verblüffend lang ist, fast noch länger geworden ist. tja, diesmal ist es hartnäckig.

Aneri 18.06.2015 17:51
Hi , ich habe deine Antwort gerade gelesen und melde mich gleich mit neuen Anweisungen...

Aneri 19.06.2015 21:13
Hallo

dann versuchen wir jetzt einmal ein Windows all in One Repair. Dadurch sollte es besser werden.

Schritt 2:

erstelle bitte eine neues FRST LOgfile, setze den Haken bei addition.txt und poste beide Logfiles hier

humphrey24 22.06.2015 12:39
hallo,

ich habe den download so durchgeführt. allerdings habe ich das ganze als zip erhalten
kannst du mir bitte sagen, wie es weitergeht?

danke und gruß

schrauber 24.06.2015 16:48
hi,

Aneri ist gerade beschäftigt, deswegen übernehme ich ab hier. Du hast sicher das richtige geladen auf der Seite?

humphrey24 24.06.2015 16:54
alles klar. ja, ich denke schon, denn ich genau eurer verlinkung gefolgt.

gruß

schrauber 25.06.2015 10:29
Wie heißt denn die ZIP Datei?


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132