|
Plagegeister aller Art und deren Bekämpfung: langsamer rechner, hängt sich immer wieder aufWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.06.2015, 11:33 | #1 |
| langsamer rechner, hängt sich immer wieder auf hallo, mein rechner wird zunehmend langsamer und hängt sich immer wieder auf. ich freue mich auf hilfe. beste grüße |
01.06.2015, 11:58 | #2 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder auf Hallo willommen
__________________Bitte fűhre die Programme als Admin aus... poste die Logfiles bitte in Code Tags. Da du ja schon Erfahrung hast sparen wir uns die Erklärungen... Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Geändert von Aneri (01.06.2015 um 12:06 Uhr) |
01.06.2015, 12:19 | #3 |
| langsamer rechner, hängt sich immer wieder aufCode:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015 Ran by Boris (administrator) on BORIS-PC on 01-06-2015 13:13:14 Running from C:\Users\Boris\Downloads Loaded Profiles: Boris (Available Profiles: Boris) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] () HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-13] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2013-05-23] (SMART Technologies ULC.) Toolbar: HKLM - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll [2011-06-22] (SMART Technologies ULC.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-29] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-images.xml [2014-11-30] FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-maps.xml [2014-11-30] FF Extension: Test Pilot - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-11-02] FF Extension: GMX MailCheck - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\toolbar@gmx.net.xpi [2012-10-16] FF Extension: No Name - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-02] FF HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-27] CHR Extension: (Google Docs) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27] CHR Extension: (Google Drive) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27] CHR Extension: (YouTube) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27] CHR Extension: (Google Search) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27] CHR Extension: (Google Sheets) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-27] CHR Extension: (Bookmark Manager) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (Google Wallet) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27] CHR Extension: (Gmail) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-08-15] (Flexera Software LLC) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-01-09] (Microsoft) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation) R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] () S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed] R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-23] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder) S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation) R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies) R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies) R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Boris\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 VMC302; System32\Drivers\VMC302.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-01 13:13 - 2015-06-01 13:13 - 00014752 _____ () C:\Users\Boris\Downloads\FRST.txt 2015-06-01 13:13 - 2015-06-01 13:13 - 00000000 ____D () C:\FRST 2015-06-01 13:12 - 2015-06-01 13:12 - 01147392 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe 2015-05-27 15:22 - 2015-05-27 15:22 - 01197344 _____ () C:\Users\Boris\Downloads\odp-3.2-bin-windows-en-US - CHIP-Installer.exe 2015-05-26 22:56 - 2015-05-26 22:56 - 00000000 ____D () C:\ProgramData\WindowsSearch 2015-05-18 16:38 - 2015-05-18 16:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-14 00:09 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-05-14 00:04 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-05-14 00:04 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-05-14 00:04 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-05-14 00:04 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-14 00:04 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-14 00:04 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-14 00:03 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 23:48 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 15:12 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 15:12 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 15:12 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 15:12 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 15:12 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 15:12 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 15:12 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 15:12 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 15:12 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 15:12 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 15:12 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 15:12 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 15:12 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-05-13 15:12 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 15:12 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 15:12 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 15:12 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 15:12 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 15:12 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 15:12 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-05-13 15:12 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-05-13 15:12 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-01 13:06 - 2012-07-30 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-01 12:28 - 2008-06-20 04:48 - 01412798 _____ () C:\Windows\WindowsUpdate.log 2015-06-01 11:39 - 2014-12-27 22:28 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-01 11:39 - 2008-08-02 17:23 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-06-01 11:39 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-01 11:39 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-01 11:38 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-01 01:52 - 2008-04-16 01:00 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-06-01 01:52 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-29 20:17 - 2014-09-09 22:55 - 00000000 ____D () C:\Users\Boris\AppData\Local\Adobe 2015-05-29 20:16 - 2012-07-30 16:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-29 20:16 - 2012-07-30 16:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-05-28 09:46 - 2014-12-23 01:09 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Skype 2015-05-27 19:40 - 2014-12-23 01:08 - 00000000 ____D () C:\ProgramData\Skype 2015-05-27 19:37 - 2008-08-02 17:23 - 00104280 _____ () C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-27 19:35 - 2006-11-02 14:47 - 00388520 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-26 23:02 - 2008-08-03 10:16 - 00002623 _____ () C:\Users\Boris\Desktop\Microsoft Word.lnk 2015-05-26 17:16 - 2008-08-02 17:20 - 00000000 ____D () C:\Users\Boris 2015-05-26 14:57 - 2014-12-27 22:29 - 00001969 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-19 14:58 - 2014-12-27 22:28 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-18 18:39 - 2012-11-12 18:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-14 12:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer 2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-14 00:47 - 2014-12-23 23:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-14 00:09 - 2012-11-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-14 00:08 - 2012-11-13 17:46 - 00001832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-14 00:07 - 2012-11-13 17:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-14 00:02 - 2013-07-14 17:29 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 23:52 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-05-13 23:47 - 2014-12-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 23:31 - 2013-03-29 13:47 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-05-13 20:00 - 2014-12-23 01:08 - 00000000 ___RD () C:\Program Files\Skype ==================== Files in the root of some directories ======= 2012-11-03 03:27 - 2012-11-03 03:27 - 0017089 _____ () C:\Users\Boris\AppData\Roaming\UserTile.png 2013-09-11 18:37 - 2013-09-11 18:37 - 0000680 _____ () C:\Users\Boris\AppData\Local\d3d9caps.dat 2012-10-11 09:30 - 2014-12-21 12:30 - 0005632 _____ () C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-01 11:45 ==================== End of log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015 Ran by Boris at 2015-06-01 13:14:00 Running from C:\Users\Boris\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1411231321-3497987553-1682086313-500 - Administrator - Disabled) Boris (S-1-5-21-1411231321-3497987553-1682086313-1003 - Administrator - Enabled) => C:\Users\Boris Gast (S-1-5-21-1411231321-3497987553-1682086313-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) ANSTOSS 2 (HKLM\...\ANSTOSS 2) (Version: - ) Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - ) ATI Catalyst Install Manager (HKLM\...\{9DCC214C-CD1A-1115-6775-A9056185FE4E}) (Version: 3.0.664.0 - ATI Technologies, Inc.) AVStation Now (HKLM\...\InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}) (Version: 4.0.10.6 - Ihr Firmenname) AVStation Now (Version: 4.0.10.6 - Ihr Firmenname) Hidden Catalyst Control Center - Branding (HKLM\...\{2433BAD7-453F-473D-BE81-455E68940DEB}) (Version: 1.00.0000 - ATI) ccc-core-static (Version: 2008.0318.2139.36886 - Ihr Firmenname) Hidden Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) doPDF (Version: 8.1.922 - Softland) Hidden doPDF 8 (HKLM\...\{203db349-8f91-4d14-8a94-0966e8933881}) (Version: 8.1.922 - Softland) Dropbox (HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2103 - CyberLink Corporation) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung) Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname) Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - ) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD) LabelPrint 2.0 (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: - ) LightScribe 1.8.15.1 (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{7187CC63-D4F5-4854-9946-BBC8AF45D45C}) (Version: 8.1.922 - Softland) novaPDF 8 Printer Driver (HKLM\...\{70EB3A38-9B31-4978-9EA9-C5E73527052D}) (Version: 8.1.922 - Softland) Pelikan Schulschriften (HKLM\...\Vereinfachte Ausgangsschrift VA_is1) (Version: - Will Software) Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.47 - Ihr Firmenname) Play AVStation (Version: 4.1.20.47 - Ihr Firmenname) Hidden PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - ) PlayMemories Home (HKLM\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation) Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - ) PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: - ) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2802.0 - CyberLink Corporation) PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074429(3.7)_Vista_SSPC - CyberLink Corp.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5433 - Realtek Semiconductor Corp.) Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD) Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden Skins (Version: 2008.0318.2139.36886 - ATI) Hidden Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) SMART Common Files (HKLM\...\{9057211D-439A-4C0D-95DE-498CF54ADF8C}) (Version: 11.3.267.0 - SMART Technologies ULC) SMART English (United Kingdom) Language Pack (HKLM\...\{2B2404AA-35DF-4BF3-A8F2-BAFC8F7174C5}) (Version: 11.2.29.0 - SMART Technologies ULC) SMART German Language Pack (HKLM\...\{FE34C5E6-CC3D-4C26-969A-0C2CAFB34658}) (Version: 11.2.29.0 - SMART Technologies ULC) SMART Ink (HKLM\...\{F0E390A2-AB03-4077-83C4-F12D3A65493D}) (Version: 1.1.549.1 - SMART Technologies ULC) SMART Notebook (HKLM\...\{82E3F365-86BD-4EA8-80CA-F498EBE89537}) (Version: 11.2.637.0 - SMART Technologies ULC) SMART Product Drivers (HKLM\...\{E91FBB79-D736-4834-A1AB-2A5CDD2DB7E7}) (Version: 11.1.669.0 - SMART Technologies ULC) SMART Sync Teacher (HKLM\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC) SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - WIDCOMM, Inc.) WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WINZD 2013-08 Rev. 2 (HKLM\...\WINZD_is1) (Version: - R. Aquila, F. Ostermeier) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Boris\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File ==================== Restore Points ========================= 18-05-2015 14:59:36 Windows Update 20-05-2015 00:17:29 Geplanter Prüfpunkt 21-05-2015 00:00:06 Geplanter Prüfpunkt 21-05-2015 19:57:05 Windows Update 22-05-2015 12:48:48 Geplanter Prüfpunkt 25-05-2015 23:26:00 Windows Update 27-05-2015 17:17:26 Geplanter Prüfpunkt 28-05-2015 20:16:08 Geplanter Prüfpunkt 29-05-2015 11:51:19 Geplanter Prüfpunkt 29-05-2015 19:25:23 Windows Update 30-05-2015 18:30:48 Geplanter Prüfpunkt 31-05-2015 20:00:22 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {26BB6DB7-086C-40DD-A65C-AF93924FF028} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2A4D15FE-A6A3-431A-9B29-B99542F8855A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-19] (Microsoft Corporation) Task: {2AA082C7-4803-4954-B360-FF0E5BC76E68} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.) Task: {363EAC71-3177-46E4-BC1D-BF3A95D66F63} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-01-09] () Task: {502ABAE2-A3CC-4D88-BE25-88B61A02AE97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.) Task: {82583C58-CBA8-4AC1-A74E-8CE24ADE034E} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.) Task: {892E0D52-AE03-47D7-AF89-5B50DF16F46D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-29] (Adobe Systems Incorporated) Task: {C66E8DD8-A324-45BA-999D-B635600D72CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.) Task: {E99D3AFB-F7A8-4342-83DF-318615AF5CEB} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation) Task: {EC7BFDA4-4533-4C92-95E6-2AFF5B0DDB81} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.) Task: {F8A5340B-69BF-4AEE-9F50-6E30203EF659} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics) Task: {FE114039-ADE6-4B13-8E0E-095655FF0D95} - System32\Tasks\{B56416D4-2ECB-427D-9578-EA8B77933930} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.80.102/de/abandoninstall?page=tsMain (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2008-04-15 07:40 - 2008-03-18 15:04 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2015-01-09 14:35 - 2015-01-09 14:35 - 00129304 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT.dll 2008-04-16 03:14 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2008-04-16 01:43 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll 2008-04-16 01:37 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2008-04-16 01:37 - 2006-09-19 02:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll 2008-04-16 01:22 - 2006-12-19 15:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2008-03-18 05:21 - 2008-03-18 05:21 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\1001night.biz -> 1001night.biz IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\100gal.net -> 100gal.net IE restricted site: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\100sexlinks.com -> 100sexlinks.com There are 5968 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Boris\Pictures\Unbenannt.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk => C:\Windows\pss\BTTray.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Boris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" MSCONFIG\startupreg: sbsdk-server => "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SMART Board Service => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d MSCONFIG\startupreg: SMART Board Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe" MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a MSCONFIG\startupreg: SMART SNMP Agent => "C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" -e MSCONFIG\startupreg: SMARTClassroomCoordinator.exe => "C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" MSCONFIG\startupreg: VantageService => "C:\Program Files\SMART Technologies\Education Software\VantageService.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [{363FD5FE-625A-48E2-9C24-9A2958B5E415}] => (Allow) C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE FirewallRules: [{F73EF69F-978F-4BB1-9C41-B449AB7EF792}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE FirewallRules: [TCP Query User{369E448A-D8F7-4BA0-9DFE-538158E67071}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{F7880D89-7C9D-471D-A100-A64E6667B713}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{584DA8A5-CFDD-4EFA-B81C-675C9FA54D35}] => (Allow) C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B650F765-347A-47F0-A3D5-E858C44467FD}] => (Allow) C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{EA9E3BA5-0C6D-4AC6-A611-9389435C59BA}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [UDP Query User{972B5D3D-D968-42EE-A585-BF8352039899}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe FirewallRules: [{4CDA5B6D-1758-4634-A7FD-0A4A4883D7F3}] => (Allow) LPort=80 FirewallRules: [{70908495-9F51-4D56-B4D9-E420EE25A7EB}] => (Allow) LPort=80 FirewallRules: [{9D0F47CA-BDB4-4577-8347-26367C373B51}] => (Allow) LPort=80 FirewallRules: [TCP Query User{DEAAEB4C-D44D-43B6-9604-1A44DB8EA580}C:\program files\smart technologies\education software\vantageservice.exe] => (Block) C:\program files\smart technologies\education software\vantageservice.exe FirewallRules: [UDP Query User{2DC16E83-CF15-430B-9B0F-F8E0D2FB7056}C:\program files\smart technologies\education software\vantageservice.exe] => (Block) C:\program files\smart technologies\education software\vantageservice.exe FirewallRules: [TCP Query User{ADEA3ADC-25D9-49CA-9BA1-BE5B0BFF2D3A}C:\program files\smart technologies\education software\smartsnmpagent.exe] => (Block) C:\program files\smart technologies\education software\smartsnmpagent.exe FirewallRules: [UDP Query User{060867F9-9894-4EE6-B99B-CCD6C7DFC45F}C:\program files\smart technologies\education software\smartsnmpagent.exe] => (Block) C:\program files\smart technologies\education software\smartsnmpagent.exe FirewallRules: [{A5134779-AB27-48FF-9E31-8F673CEB5D1A}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe FirewallRules: [{27165A7D-1928-4AB9-9A9D-AEBC3CE927EC}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe FirewallRules: [{53B9088F-04EA-4A10-AEFE-690AB04E23E5}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe FirewallRules: [{0B985889-957B-441A-830A-402F0BA50A48}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe FirewallRules: [{5463188D-1BEF-4141-80B1-0F4A33EE53E9}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe FirewallRules: [{941306F9-CD40-48A7-8A8D-00C65D4AF217}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe FirewallRules: [{F3845559-260E-4878-86AB-92E29080E577}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe FirewallRules: [{02BE2363-1B5E-4A0C-A590-5C799AC14613}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe FirewallRules: [{AA091F8E-5968-4068-9779-81CE1319020D}] => (Allow) C:\Program Files\SMART Technologies\Education Software\VantageService.exe FirewallRules: [{3DC02466-FDD0-4ADB-82E0-6AA29EBA5AC5}] => (Allow) C:\Program Files\SMART Technologies\Education Software\VantageService.exe FirewallRules: [TCP Query User{A8C27D0E-EA68-4D0E-982C-264B14BF3731}C:\program files\smart technologies\education software\responsesoftwareservice.exe] => (Block) C:\program files\smart technologies\education software\responsesoftwareservice.exe FirewallRules: [UDP Query User{99D748DD-4E51-4F52-8582-CF1E231DCF1A}C:\program files\smart technologies\education software\responsesoftwareservice.exe] => (Block) C:\program files\smart technologies\education software\responsesoftwareservice.exe FirewallRules: [{D249E997-65F8-4591-A762-96C710C09B94}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{9499DEEF-5760-4E22-AB04-526C2A22FC63}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{96965F50-58EE-4DDD-8B0C-51DCE0C1D671}] => (Allow) LPort=8501 FirewallRules: [{2E9792F4-5793-4435-8BC0-75D2024B2E87}] => (Allow) LPort=8501 FirewallRules: [TCP Query User{A9B767FD-FE00-4538-BF7D-B15E297ED7D9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{01732457-95C3-4E92-BF7B-63A5BACF5500}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{B28C0FE3-0D7C-47DD-B49F-6A12E10C3A25}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{23590C37-414B-4E7A-9713-87709133D492}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{BB975426-58BE-4DB8-A4D1-F8962CB97B7B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/01/2015 01:52:29 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/31/2015 02:22:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/30/2015 00:28:20 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/29/2015 11:57:24 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/29/2015 09:25:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/29/2015 03:40:49 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/28/2015 09:46:46 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (06/01/2015 11:54:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.199.1401.0){BE66F658-5D79-449D-8B9A-D1B7F866C87E}201 Error: (06/01/2015 11:53:17 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (06/01/2015 11:53:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: Aktualisierungsquelle: %NT-AUTORITÄT15 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (06/01/2015 11:53:04 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.199.1401.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (06/01/2015 11:53:01 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: Aktualisierungsquelle: %NT-AUTORITÄT15 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (06/01/2015 11:40:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (05/30/2015 11:48:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.199.1335.0){33752E1E-CFA0-4B39-8932-9A5772915A11}201 Error: (05/30/2015 11:47:22 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %NT-AUTORITÄT51 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (05/30/2015 11:47:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: Aktualisierungsquelle: %NT-AUTORITÄT15 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (05/30/2015 11:47:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.199.1335.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Microsoft Office: ========================= Error: (06/01/2015 01:52:29 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/31/2015 02:22:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP Error: (05/30/2015 00:28:20 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/29/2015 11:57:24 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-TO_DELETE Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING Error: (05/29/2015 09:25:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING Error: (05/29/2015 09:25:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING-BACKUP Error: (05/29/2015 03:40:49 AM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/28/2015 09:46:46 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\BORIS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES CodeIntegrity Errors: =================================== Date: 2014-12-23 13:49:29.576 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-23 13:49:28.938 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-23 13:49:28.281 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-23 13:49:27.688 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-23 13:49:26.718 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-23 13:49:26.133 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-23 13:49:25.532 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-23 13:49:24.938 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-31 13:29:37.054 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-31 13:29:36.473 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz Percentage of memory in use: 39% Total physical RAM: 3069.45 MB Available physical RAM: 1869.04 MB Total Pagefile: 6379.29 MB Available Pagefile: 5074.68 MB Total Virtual: 2047.88 MB Available Virtual: 1889.46 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.88 GB) (Free:47.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:111 GB) (Free:110.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: BD17C37C) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=111.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS) ==================== End of log ============================ |
02.06.2015, 21:04 | #4 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder auf Hi ich hab dich nicht vergessen.. Antwort kommt schnellstmoeglich |
03.06.2015, 18:26 | #5 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder auf Hi Schritt 1: deinstalliere deine Version von Malwarebytes Antimalware. Hier ist eine Daten beschädigt. Schritt 2: Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Schritt 3: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter AlternateDataStreams[/COLOR]: C:\ProgramData\TEMP:5C321E34 emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 4: Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 5: erstelle bitte ein neues FRST Logfile und poste es hier. Verbessert sich das Verhalten deines Systems. |
11.06.2015, 17:26 | #6 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder aufich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.
__________________ --> langsamer rechner, hängt sich immer wieder auf |
11.06.2015, 22:38 | #7 |
| langsamer rechner, hängt sich immer wieder auf hallo, habe einfach nicht bemerkt, dass du schon längst geschrieben hast grüße Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015 Ran by Boris at 2015-06-11 22:57:45 Run:1 Running from C:\Users\Boris\Downloads Loaded Profiles: Boris (Available Profiles: Boris) Boot Mode: Normal ============================================== fixlist content: ***************** HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Emptytemp: ***************** HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. EmptyTemp: => 633.2 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 22:58:20 ==== Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 11/06/2015 um 23:10:11 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-06-09.1 [Server] # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86) # Benutzername : Boris - BORIS-PC # Gestarted von : C:\Users\Boris\Downloads\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Boris\Desktop\hosts Ordner Gelöscht : C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Datei Gelöscht : C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT Datei Gelöscht : C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT Datei Gelöscht : C:\Users\Boris\AppData\Roaming\GDIPFONTCACHEV1.DAT ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{58F249C9-6D95-4CA5-B911-63FE6923246D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4662AFB-2596-4C42-8F56-A313C2823C0F} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16659 -\\ Mozilla Firefox v38.0.5 (x86 de) -\\ Google Chrome v43.0.2357.124 ************************* AdwCleaner[R0].txt - [1685 Bytes] - [11/06/2015 23:06:29] AdwCleaner[S0].txt - [1522 Bytes] - [11/06/2015 23:10:11] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1581 Bytes] ########## Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015 Ran by Boris (administrator) on BORIS-PC on 11-06-2015 23:31:53 Running from c:\Users\Boris\Downloads Loaded Profiles: Boris (Available Profiles: Boris) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] () HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-02-13] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2013-05-23] (SMART Technologies ULC.) Toolbar: HKLM - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll [2011-06-22] (SMART Technologies ULC.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-29] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-images.xml [2014-11-30] FF SearchPlugin: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\searchplugins\google-maps.xml [2014-11-30] FF Extension: Test Pilot - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-11-02] FF Extension: GMX MailCheck - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\toolbar@gmx.net.xpi [2012-10-16] FF Extension: No Name - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-02] FF HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-27] CHR Extension: (Google Docs) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27] CHR Extension: (Google Drive) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27] CHR Extension: (YouTube) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27] CHR Extension: (Google Search) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27] CHR Extension: (Google Sheets) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-27] CHR Extension: (Bookmark Manager) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29] CHR Extension: (Google Wallet) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27] CHR Extension: (Gmail) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-08-15] (Flexera Software LLC) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-01-09] (Microsoft) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation) R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] () S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed] R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-11] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation) R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies) R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies) R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\Users\Boris\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 VMC302; System32\Drivers\VMC302.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 23:26 - 2015-06-11 23:26 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-06-11 23:26 - 2015-06-11 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-06-11 23:26 - 2015-06-11 23:26 - 00000000 ____D C:\Program Files\CCleaner 2015-06-11 23:24 - 2015-06-11 23:24 - 06549184 _____ (Piriform Ltd) C:\Users\Boris\Downloads\ccsetup506.exe 2015-06-11 23:12 - 2015-06-11 23:12 - 00104280 _____ C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-11 23:05 - 2015-06-11 23:10 - 00000000 ____D C:\AdwCleaner 2015-06-11 23:05 - 2015-06-11 23:05 - 02231296 _____ C:\Users\Boris\Downloads\AdwCleaner_4.206.exe 2015-06-11 22:57 - 2015-06-11 22:57 - 00000000 ____D C:\Users\Boris\Downloads\FRST-OlderVersion 2015-06-11 22:56 - 2015-06-11 22:56 - 00000070 _____ C:\Users\Public\Downloads\FRST.txt 2015-06-11 22:11 - 2015-06-11 22:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-11 22:07 - 2015-06-11 22:47 - 00000000 ____D C:\Users\Boris\Desktop\mbar 2015-06-11 22:06 - 2015-06-11 22:06 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Boris\Downloads\mbar-1.09.1.1004(1).exe 2015-06-11 22:05 - 2015-06-11 22:06 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Boris\Downloads\mbar-1.09.1.1004.exe 2015-06-11 22:03 - 2015-06-11 22:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-11 22:03 - 2015-06-11 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-11 22:03 - 2015-06-11 22:03 - 00000905 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-11 22:03 - 2015-06-11 22:03 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-06-11 22:03 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-11 22:03 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-11 22:02 - 2015-06-11 22:02 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-11 12:46 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-11 12:45 - 2015-05-21 16:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-11 12:45 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-11 12:43 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-11 12:43 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-11 12:43 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-11 12:43 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-11 12:43 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 23:32 - 2015-06-10 23:32 - 00000000 ____D C:\Users\Boris\AppData\Local\Microsoft Games 2015-06-10 17:18 - 2015-05-31 02:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 17:18 - 2015-05-31 01:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 17:18 - 2015-05-31 01:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 17:18 - 2015-05-31 01:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 17:18 - 2015-05-31 01:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 17:18 - 2015-05-31 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 17:18 - 2015-05-31 01:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-10 17:18 - 2015-05-31 01:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 17:18 - 2015-05-31 01:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 17:18 - 2015-05-31 01:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 17:18 - 2015-05-31 01:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 17:18 - 2015-05-31 01:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 17:18 - 2015-05-31 01:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-06-10 17:18 - 2015-05-31 01:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 17:18 - 2015-05-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 17:18 - 2015-05-31 01:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 17:18 - 2015-05-31 01:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-06-10 17:18 - 2015-05-31 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 17:18 - 2015-05-31 01:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 17:18 - 2015-05-31 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 17:18 - 2015-05-31 01:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-06-10 17:18 - 2015-05-31 01:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-06-03 13:45 - 2015-06-04 08:36 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-06-01 13:14 - 2015-06-01 13:15 - 00042287 _____ C:\Users\Boris\Downloads\Addition.txt 2015-06-01 13:13 - 2015-06-11 23:32 - 00000000 ____D C:\FRST 2015-06-01 13:13 - 2015-06-11 23:31 - 00014977 _____ C:\Users\Boris\Downloads\FRST.txt 2015-06-01 13:12 - 2015-06-11 22:57 - 01147904 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe 2015-05-27 15:22 - 2015-05-27 15:22 - 01197344 _____ C:\Users\Boris\Downloads\odp-3.2-bin-windows-en-US - CHIP-Installer.exe 2015-05-26 22:56 - 2015-05-26 22:56 - 00000000 ____D C:\ProgramData\WindowsSearch 2015-05-14 00:09 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-05-14 00:04 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-05-14 00:04 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-05-14 00:04 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-05-14 00:04 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-05-14 00:04 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-14 00:04 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-14 00:03 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 23:48 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 23:30 - 2008-06-20 04:48 - 01955087 _____ C:\Windows\WindowsUpdate.log 2015-06-11 23:12 - 2014-12-27 22:28 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 23:12 - 2008-08-02 17:23 - 00000000 ____D C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-06-11 23:12 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-11 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-11 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-11 23:11 - 2008-04-16 01:00 - 00000012 _____ C:\Windows\bthservsdp.dat 2015-06-11 23:11 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-11 23:06 - 2012-07-30 16:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-11 13:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2015-06-11 12:57 - 2006-11-02 14:47 - 00388520 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 12:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2015-06-10 19:47 - 2008-08-03 10:16 - 00002623 _____ C:\Users\Boris\Desktop\Microsoft Word.lnk 2015-06-09 21:54 - 2012-07-30 16:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-09 21:54 - 2012-07-30 16:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-09 18:55 - 2014-12-27 22:29 - 00001969 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-04 08:36 - 2012-11-12 18:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-05-29 20:17 - 2014-09-09 22:55 - 00000000 ____D C:\Users\Boris\AppData\Local\Adobe 2015-05-28 09:46 - 2014-12-23 01:09 - 00000000 ____D C:\Users\Boris\AppData\Roaming\Skype 2015-05-27 19:40 - 2014-12-23 01:08 - 00000000 ____D C:\ProgramData\Skype 2015-05-26 17:16 - 2008-08-02 17:20 - 00000000 ____D C:\Users\Boris 2015-05-19 14:58 - 2014-12-27 22:28 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-14 12:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2015-05-14 00:48 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-14 00:47 - 2014-12-23 23:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-14 00:09 - 2012-11-13 17:46 - 00001912 _____ C:\Windows\epplauncher.mif 2015-05-14 00:08 - 2012-11-13 17:46 - 00001832 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-14 00:07 - 2012-11-13 17:46 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-05-14 00:02 - 2013-07-14 17:29 - 00000000 ____D C:\Windows\system32\MRT 2015-05-13 23:52 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-05-13 23:47 - 2014-12-23 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 23:31 - 2013-03-29 13:47 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-05-13 20:00 - 2014-12-23 01:08 - 00000000 ___RD C:\Program Files\Skype ==================== Files in the root of some directories ======= 2012-11-03 03:27 - 2012-11-03 03:27 - 0017089 _____ () C:\Users\Boris\AppData\Roaming\UserTile.png 2013-09-11 18:37 - 2013-09-11 18:37 - 0000680 _____ () C:\Users\Boris\AppData\Local\d3d9caps.dat 2012-10-11 09:30 - 2014-12-21 12:30 - 0005632 _____ () C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some files in TEMP: ==================== C:\Users\Boris\AppData\Local\Temp\Quarantine.exe C:\Users\Boris\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-11 23:18 ==================== End of log ============================ |
12.06.2015, 19:11 | #8 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder auf Hi... Die Rückmeldung über das Systemverhalten ist noch offen ☺ Sag noch bescheid ob sich bereits etwas verändert hat. |
12.06.2015, 19:15 | #9 |
| langsamer rechner, hängt sich immer wieder auf hallo, es hat sich etwas getan. ist aber trotzdem noch nicht auf dem alten level; d.h. lange ladezeit z.b. für gmx etc. danke trotzdem schonmal |
14.06.2015, 19:13 | #10 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder auf Hi, Schritt 1: dein MBAR Logfile fehlt noch. Hat hier alles geklappt? Schritt 2: ESET Online Scanner
|
14.06.2015, 20:04 | #11 |
| langsamer rechner, hängt sich immer wieder auf hallo, mbar mäßig wurden keinerlei bedrohungen gefunden. ich mal mal den eset |
17.06.2015, 18:49 | #12 |
| langsamer rechner, hängt sich immer wieder aufCode:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=8587809f51c2eb4b82932ffe0d0abe22 # end=init # utc_time=2015-06-16 11:06:25 # local_time=2015-06-16 01:06:25 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.0.6002 NT Service Pack 2 Update Init Update Download Update Finalize Updated modules version: 24350 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=8587809f51c2eb4b82932ffe0d0abe22 # end=updated # utc_time=2015-06-16 11:09:40 # local_time=2015-06-16 01:09:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.0.6002 NT Service Pack 2 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=8587809f51c2eb4b82932ffe0d0abe22 # engine=24350 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-16 12:25:10 # local_time=2015-06-16 02:25:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 2902631 105747532 0 0 # scanned=156854 # found=7 # cleaned=7 # scan_time=4530 sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\AppData\Local\Temp\DMR\dmr_72.exe" sh=987C105596E1851BDA516A0B291F80060F1A302C ft=1 fh=6ba17f86d3d5e0e6 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\avira_free_antivirus_de.exe" sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\ccsetup501.exe" sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\ccsetup502.exe" sh=012CB3E628C9FAC1159A4BA01F79C6C905757FF9 ft=1 fh=2ab5bfb1b985039b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\ccsetup506.exe" sh=7EB438E10CA18B4FED809AF8FABE03196E15A2CC ft=1 fh=358be14d67fe68cc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\odp-3.2-bin-windows-en-US - CHIP-Installer.exe" sh=6CBA0E0599CAA7A76B91B672EE8EF08C3C4DBDFF ft=1 fh=8a09855d7c1e65c2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\Vista Shutdown Timer - CHIP-Installer.exe" ist der aus versehen gelöscht worden? kann eigentlich nicht sein?! grüße hinzu kommt übrigens, dass, auch nach eset, die ladezeit immer noch verblüffend lang ist, fast noch länger geworden ist. tja, diesmal ist es hartnäckig. |
18.06.2015, 17:51 | #13 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder auf Hi , ich habe deine Antwort gerade gelesen und melde mich gleich mit neuen Anweisungen... |
19.06.2015, 21:13 | #14 |
/// Malwareteam | langsamer rechner, hängt sich immer wieder auf Hallo dann versuchen wir jetzt einmal ein Windows all in One Repair. Dadurch sollte es besser werden. Schritt 2: erstelle bitte eine neues FRST LOgfile, setze den Haken bei addition.txt und poste beide Logfiles hier |
22.06.2015, 12:39 | #15 |
| langsamer rechner, hängt sich immer wieder auf hallo, ich habe den download so durchgeführt. allerdings habe ich das ganze als zip erhalten kannst du mir bitte sagen, wie es weitergeht? danke und gruß |
Themen zu langsamer rechner, hängt sich immer wieder auf |
freue, hängt, immer wieder, langsamer, langsamer rechner, rechner |