Log analysis and evaluation: Malware on Facebook

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.07.2015, 09:59 | #1 |
Malware on Facebook

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015 Ran by Rijo (administrator) on BÜCHER-PC on 09-07-2015 09:55:13 Running from C:\Users\Rijo\Desktop Loaded Profiles: Rijo (Available Profiles: Rijo & UpdatusUser) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\coNatHst.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.) 
HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd) HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2435575737-2959328486-3478796703-1000 -> {52C652A9-EF35-4469-9B14-FD27F5A40C87} URL = https://www.google.com/search?q={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation) BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> 
C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation) Toolbar: HKU\S-1-5-21-2435575737-2959328486-3478796703-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\..\Interfaces\{8FA4F53C-3552-4666-882D-06F5AA1831E1}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) 
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-28] FF Extension: NASA Night Launch - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\nasanightlaunch@example.com.xpi [2014-11-06] FF Extension: NoScript - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-06] FF Extension: FXChrome - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2014-11-06] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2015-07-09] FF Extension: No Name - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\extensions\sweetsearch@gmail.com [not found] FF Extension: No Name - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\extensions\iobitascsurfingprotection@iobit.com [not found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\Rijo\AppData\Local\Google\Chrome\User 
Data\Default CHR Extension: (Brushed) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2015-07-09] CHR Extension: (Adblock Plus) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-30] CHR Extension: (AdBlock) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-30] CHR Extension: (Norton Identity Safe) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-26] CHR Extension: (GPS Tracking Application) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiopjmhfcjjclkkkoanfenmofekjlebf [2015-07-08] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30] CHR Extension: (Messenger (Unofficial)) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-06-30] CHR Extension: (Norton Security Toolbar) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-09] CHR Extension: (Google Wallet) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10] CHR Extension: (Simple FB Messenger) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjfcpmgchkdbfhpgboehgknlhnhhnnh [2015-06-30] CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - No Path Or update_url value CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-29] ========================== Services (Whitelisted) ================= (If an entry is 
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed] S4 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-04-20] (Fork, Ltd.) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 N360; C:\Program Files\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation) S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-12] (Enigma Software Group USA, LLC.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed] R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20150706.001\BHDrvx86.sys [1181424 2015-06-25] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-06-28] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-06-28] (Symantec Corporation) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-12] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-12] () S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed] R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20150708.001\IDSvix86.sys [523512 2015-06-26] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20150708.005\NAVENG.SYS [104440 2015-07-07] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20150708.005\NAVEX15.SYS [1645432 2015-07-07] (Symantec Corporation) R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software) R3 SRTSP; C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation) R1 SRTSPX; 
C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS [936152 2014-08-26] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2015-06-28] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1507000.00B\SYMTDIV.SYS [384728 2014-08-26] (Symantec Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SipIMNDI; system32\DRIVERS\SipIMNDI.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-09 09:55 - 2015-07-09 09:55 - 00016190 _____ C:\Users\Rijo\Desktop\FRST.txt 2015-07-09 09:54 - 2015-07-09 09:55 - 00000000 ____D C:\FRST 2015-07-09 09:52 - 2015-07-09 09:52 - 01636352 _____ (Farbar) C:\Users\Rijo\Desktop\frst.exe 2015-07-09 01:28 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys 2015-07-08 21:40 - 2015-07-09 09:37 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-08 21:36 - 2015-07-08 21:36 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Rijo\Downloads\malwarebytes.exe 2015-07-08 21:36 - 2015-07-08 21:36 - 00000899 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-07-08 21:36 - 2015-07-08 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-08 21:36 - 2015-07-08 21:36 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-07-08 21:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-08 21:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-08 21:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-08 12:42 - 2015-07-08 12:42 - 00000000 ____D C:\Users\Rijo\AppData\Local\F-Secure 2015-07-08 01:59 - 2015-07-08 22:52 - 00000000 ____D C:\Users\Rijo\Desktop\Schwanenkind Werbung 2015-07-08 01:58 - 2015-07-08 01:58 - 00033408 _____ C:\Users\Rijo\AppData\Local\recently-used.xbel 2015-07-03 07:47 - 2015-07-03 07:47 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\ProductData 2015-07-02 05:26 - 2015-07-02 05:25 - 00001974 _____ C:\Users\Rijo\Desktop\Kaspersky Anti-Virus.lnk 2015-07-02 00:16 - 2015-07-02 00:17 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\IObit 2015-07-02 00:16 - 2015-07-02 00:17 - 00000000 ____D C:\ProgramData\IObit 2015-07-02 00:16 - 2015-07-02 00:16 - 00000000 ____D C:\Program 
Files\IObit 2015-06-30 11:47 - 2015-06-30 11:47 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\dlg 2015-06-30 11:38 - 2015-06-30 11:38 - 00517568 _____ ( ) C:\Users\Rijo\Downloads\ms-windows-tool-zum-entfernen-boesartiger-software-5.24-setup.exe 2015-06-30 09:56 - 2015-07-08 10:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-06-30 09:17 - 2015-06-30 09:17 - 00000000 ____D C:\ProgramData\Emsisoft 2015-06-30 08:35 - 2015-07-09 09:36 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2015-06-30 08:33 - 2015-06-30 08:34 - 163617512 _____ (Emsisoft Ltd. ) C:\Users\Rijo\Downloads\EmsisoftAntiMalwareSetup_10.0.0.5366.exe 2015-06-28 19:02 - 2015-06-28 19:04 - 06565736 _____ (Piriform Ltd) C:\Users\Rijo\Downloads\ccsetup507.exe 2015-06-28 16:26 - 2015-06-28 16:28 - 00279552 _____ C:\Users\Rijo\Documents\Barbara Costa.ppt 2015-06-28 13:51 - 2015-06-28 13:51 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2015-06-28 13:51 - 2015-06-28 13:51 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2015-06-28 13:51 - 2015-06-28 13:51 - 00002050 _____ C:\Users\Rijo\Downloads\Norton 360 (2).lnk 2015-06-28 13:50 - 2015-06-30 07:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2015-06-28 13:50 - 2015-06-30 07:43 - 00000000 ____D C:\Windows\system32\Drivers\N360 2015-06-28 13:50 - 2015-06-28 13:50 - 00000000 ____D C:\Program Files\Norton 360 2015-06-28 13:39 - 2015-06-28 13:46 - 191136136 _____ (Symantec Corporation) C:\Users\Rijo\Downloads\norton_360_setup (3).exe 2015-06-28 12:56 - 2015-06-28 13:03 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2015-06-28 12:55 - 2015-06-28 12:55 - 00000000 ____D C:\Users\Public\Downloads\Norton 2015-06-26 11:28 - 2015-06-26 11:28 - 01387520 _____ C:\Users\Rijo\Documents\Hörnchen Reihe.ppt 2015-06-23 22:49 - 2015-06-23 22:49 - 00243592 _____ C:\Users\Rijo\Downloads\Firefox Setup Stub 38.0.5.exe 2015-06-22 08:52 - 2015-06-28 
23:54 - 00000000 ____D C:\Users\Rijo\Desktop\Daggi neu für Janette 2015-06-18 07:12 - 2015-06-18 07:12 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\Users\Rijo\{988e4c9b-05d4-49e6-bff6-6eb6db3f887a} 2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver 1.0 2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\Driver 1.0 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-09 09:46 - 2014-09-02 19:25 - 00000000 ____D C:\Users\Rijo\Desktop\Werbesprüche und anderes 2015-07-09 09:44 - 2014-07-21 10:55 - 00000000 ____D C:\Users\Rijo\Desktop\Püppi Grüße 2015-07-09 09:40 - 2006-11-02 14:52 - 01524486 _____ C:\Windows\WindowsUpdate.log 2015-07-09 09:37 - 2014-05-10 15:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-09 09:37 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-09 09:37 - 2006-11-02 14:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-09 09:37 - 2006-11-02 14:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-09 09:36 - 2006-11-02 15:01 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-09 01:08 - 2014-05-10 15:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-09 01:05 - 2014-05-11 07:56 - 01798608 _____ C:\Windows\PFRO.log 2015-07-09 01:02 - 2014-05-15 03:25 - 00000000 ____D C:\AdwCleaner 2015-07-09 00:14 - 2014-05-10 21:03 - 00000000 ____D C:\Program Files\CCleaner 2015-07-08 22:40 - 2006-11-02 12:33 - 01559094 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-08 14:48 - 2014-05-10 16:14 - 00000824 _____ C:\Users\Rijo\AppData\Roaming\wklnhst.dat 2015-07-08 14:47 - 
2014-11-29 18:47 - 00040960 _____ C:\Users\Rijo\Desktop\Haushalt 2015.xlr 2015-07-08 13:06 - 2014-11-05 20:51 - 00000000 ____D C:\ProgramData\F-Secure 2015-07-08 08:28 - 2014-05-10 13:58 - 00000000 ____D C:\Users\Rijo 2015-07-08 05:44 - 2014-05-10 17:39 - 00000000 ____D C:\Users\Rijo\Desktop\Arbeitsprogramme 2015-07-08 03:19 - 2015-01-19 17:55 - 00000000 ____D C:\Users\Rijo\Desktop\Hinweisschilder mit Püppi 2015-07-08 01:59 - 2014-05-10 21:48 - 00000000 ____D C:\Users\Rijo\.gimp-2.8 2015-07-08 01:58 - 2014-05-10 21:52 - 00000000 ____D C:\Users\Rijo\AppData\Local\gtk-2.0 2015-07-07 23:34 - 2014-05-11 09:40 - 00000000 ____D C:\Program Files\SpeedFan 2015-07-07 16:28 - 2014-05-10 17:42 - 00124928 _____ C:\Users\Rijo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-07-06 14:27 - 2014-06-24 10:03 - 00000000 ____D C:\Users\Rijo\Documents\My Kindle Content 2015-07-06 03:41 - 2014-08-16 19:32 - 00000000 ____D C:\Program Files\PDF24 2015-07-05 22:37 - 2014-05-10 17:44 - 00000000 ___RD C:\Users\Rijo\Desktop\Johann 2015-07-05 19:47 - 2014-05-10 17:49 - 00000000 ___RD C:\Users\Rijo\Desktop\Fertige Bücher 2015-07-05 19:42 - 2014-05-10 17:47 - 00000000 ___RD C:\Users\Rijo\Desktop\gemischte programme 2015-07-05 03:07 - 2014-05-11 16:10 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Skype 2015-07-05 00:32 - 2014-06-09 17:44 - 00000000 ____D C:\Users\Rijo\AppData\Local\CrashDumps 2015-07-02 09:44 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2015-07-02 05:26 - 2014-05-10 18:24 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2015-07-02 00:16 - 2014-06-21 08:51 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Apple Computer 2015-07-01 13:15 - 2014-05-10 17:39 - 00000000 ___RD C:\Users\Rijo\Desktop\Rita 2015-06-30 18:27 - 2014-05-10 19:37 - 00034304 _____ C:\Users\Rijo\Desktop\gas 2006-2015.xlr 2015-06-30 10:25 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2015-06-28 19:09 - 2014-05-10 21:03 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk 
2015-06-28 13:53 - 2014-05-10 18:35 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2015-06-28 13:50 - 2014-05-10 19:12 - 00000000 ____D C:\ProgramData\Norton 2015-06-27 00:30 - 2014-05-26 11:53 - 00000000 ____D C:\Users\Rijo\AppData\Local\NPE 2015-06-27 00:26 - 2014-05-26 11:56 - 00000000 ____D C:\NPE 2015-06-26 19:00 - 2015-05-28 08:28 - 00000000 ____D C:\Users\Rijo\Desktop\Alle wichtigen Ordner 2015-06-25 09:25 - 2015-04-03 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger 2015-06-22 06:49 - 2015-05-01 10:49 - 00000000 ____D C:\Program Files\Formatierungstool 2015-06-15 23:38 - 2015-01-01 14:31 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\PhotoScape 2015-06-15 13:09 - 2015-01-01 14:36 - 00000000 ____D C:\output 2015-06-15 13:08 - 2015-01-01 14:32 - 00024576 ____H C:\Users\Rijo\Desktop\photothumb.db 2015-06-13 21:07 - 2014-05-11 13:28 - 00028581 _____ C:\Windows\setupact.log ==================== Files in the root of some directories ======= 2014-05-10 19:18 - 2014-05-10 19:18 - 0024206 _____ () C:\Users\Rijo\AppData\Roaming\UserTile.png 2014-11-08 22:43 - 2014-11-24 06:43 - 0000163 _____ () C:\Users\Rijo\AppData\Roaming\WB.CFG 2014-05-10 16:14 - 2015-07-08 14:48 - 0000824 _____ () C:\Users\Rijo\AppData\Roaming\wklnhst.dat 2014-05-10 13:58 - 2015-02-13 10:02 - 0001356 _____ () C:\Users\Rijo\AppData\Local\d3d9caps.dat 2014-05-10 17:42 - 2015-07-07 16:28 - 0124928 _____ () C:\Users\Rijo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-10 12:43 - 2014-11-22 10:43 - 0000001 _____ () C:\Users\Rijo\AppData\Local\DSI.DAT 2014-07-24 12:23 - 2014-07-24 12:23 - 0000292 _____ () C:\Users\Rijo\AppData\Local\HamsterBookConverter.cfg 2014-12-11 09:05 - 2014-12-11 09:05 - 0004096 ____H () C:\Users\Rijo\AppData\Local\keyfile3.drm 2015-07-08 01:58 - 2015-07-08 01:58 - 0033408 _____ () C:\Users\Rijo\AppData\Local\recently-used.xbel 2014-09-30 23:10 - 2014-09-30 23:10 - 0000000 _____ () 
C:\Users\Rijo\AppData\Local\{3854974C-D01A-4F55-B4A7-ABAAE1A01FC5} 2014-05-10 17:01 - 2014-08-24 13:47 - 0034800 _____ () C:\ProgramData\nvModes.001 2014-05-10 17:01 - 2014-08-24 13:47 - 0034800 _____ () C:\ProgramData\nvModes.dat Some files in TEMP: ==================== C:\Users\Rijo\AppData\Local\Temp\Quarantine.exe C:\Users\Rijo\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-09 09:42 ==================== End of log ============================ Ran by Rijo at 2015-07-09 09:56:27 Running from C:\Users\Rijo\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2435575737-2959328486-3478796703-500 - Administrator - Disabled) Gast (S-1-5-21-2435575737-2959328486-3478796703-501 - Limited - Enabled) Rijo (S-1-5-21-2435575737-2959328486-3478796703-1000 - Administrator - Enabled) => C:\Users\Rijo UpdatusUser (S-1-5-21-2435575737-2959328486-3478796703-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated) Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks) AVIedit 3.39 (HKLM\...\AVIedit 3.39) (Version: - ) BCL easyConverter 3.0 Licensing Module (BCL License) (Version: 3.0.18 - BCL Technologies) Hidden BCL easyConverter 3.0 Loader SDK Module (Version: 3.0.18 - BCL Technologies) Hidden BCL easyConverter 3.0 Module (Loader, BCL License) (Version: 3.0.18 - BCL Technologies) Hidden BCL easyConverter 3.0 Module (RTF, BCL License) (Version: 3.0.18 - BCL Technologies) Hidden BCL easyConverter 3.0 RTF SDK Module (Version: 3.0.18 - BCL Technologies) Hidden BCL easyConverter 3.0 SDK Module (Version: 3.0.18 - BCL Technologies) Hidden Brother MFL-Pro Suite DCP-195C (HKLM\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.0.0 - Brother Industries, Ltd.) 
calibre (HKLM\...\{AB116F72-C91A-40F2-A25A-949B5D065EBB}) (Version: 2.3.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) CrystalDiskInfo 6.1.14 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.14 - Crystal Dew World) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Driver (HKLM\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Commumication Technology Holdings Limited) Formatierungstool für Amazon Produktbeschreibungen 1 (HKLM\...\Formatierungstool für Amazon Produktbeschreibungen) (Version: 1 - ) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Video Editor version 1.4.12.415 (HKLM\...\Free Video Editor_is1) (Version: 1.4.12.415 - DVDVideoSoft Ltd.) FUJIFILM MyFinePix Studio 3.1 (HKLM\...\MyFinePix Studio_is1) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.) Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden Hamster Free EbookConverter (HKLM\...\{441AC599-200D-4E04-B274-C6B7B50C281D}_is1) (Version: 1.2.4.58 - HamsterSoft) iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.) 
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Kindle Kids' Book Creator (HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\...\KKBC) (Version: 1.000 - Amazon) KindlePreviewer (HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\...\KindlePreviewer) (Version: 2.94 - Amazon) MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG) MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden MAGIX FunPix Maker 1.0.0.0 (D) (HKLM\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Word 2003 (HKLM\...\{901B0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 
2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) msxml4 (HKLM\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name) Norton 360 (HKLM\...\N360) (Version: 21.7.0.11 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9621 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, 
Inc.) PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia) PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF2Word Converter Version 1.1.0 (Build 164) (HKLM\...\PDF2Word Converter_is1) (Version: PDF2Word Converter - Version 1.1.0 (Build 164) - Th. Hodes Software) PhotoScape (HKLM\...\PhotoScape) (Version: - ) Prey Anti-Theft (Version: 1.3.8 - Prey, Inc.) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Rossmann Fotowelt Software 4.13 (HKLM\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net) ScanSoft PaperPort 11 (HKLM\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Sigil 0.7.4 (HKLM\...\Sigil_is1) (Version: - John Schember) Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - ) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2435575737-2959328486-3478796703-1000_Classes\CLSID\{503E492B-C90C-4E23-842B-EB05CDA61DC9}\InprocServer32 -> No Filepath ==================== Restore Points ========================= 07-06-2015 09:01:48 Geplanter Prüfpunkt 11-06-2015 14:27:15 Geplanter Prüfpunkt 12-06-2015 13:50:12 Geplanter Prüfpunkt 12-06-2015 17:27:44 Gerätetreiber-Paketinstallation: MediaTek Inc. 
Anschlüsse (COM & LPT) 22-06-2015 06:42:53 Norton_Power_Eraser_20150622064253386 27-06-2015 08:29:27 Geplanter Prüfpunkt 29-06-2015 16:35:45 Geplanter Prüfpunkt 30-06-2015 09:54:36 First Restore Point 30-06-2015 09:57:40 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst 30-06-2015 10:18:40 First Restore Point 30-06-2015 10:20:38 First Restore Point 02-07-2015 00:52:46 First Restore Point 02-07-2015 00:58:02 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst 02-07-2015 00:59:29 Gerätetreiber-Paketinstallation: Kaspersky Lab 02-07-2015 00:59:46 Gerätetreiber-Paketinstallation: Kaspersky Lab Systemgeräte 02-07-2015 05:19:56 First Restore Point 02-07-2015 05:23:03 Gerätetreiber-Paketinstallation: Kaspersky Lab Netzwerkdienst 02-07-2015 05:23:50 Gerätetreiber-Paketinstallation: Kaspersky Lab 02-07-2015 05:24:15 Gerätetreiber-Paketinstallation: Kaspersky Lab Systemgeräte 02-07-2015 09:42:47 First Restore Point 02-07-2015 09:43:51 Gerätetreiber-Paketinstallation: Kaspersky Lab Systemgeräte 02-07-2015 09:45:09 First Restore Point 06-07-2015 22:06:04 Geplanter Prüfpunkt 08-07-2015 04:48:31 Geplanter Prüfpunkt 08-07-2015 18:24:17 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {1E7C1C52-67E4-4E0D-903B-5CC59112E983} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2035976B-2BDF-4C10-948D-8622200A4A89} - System32\Tasks\{40B34E3C-719A-4DA7-91F3-178DA7242B4C} => pcalua.exe -a "C:\Program Files\Google\Chrome\Application\38.0.2125.111\Installer\setup.exe" -c --uninstall --multi-install --chrome --system-level Task: {2A259EA6-0951-41B6-9BB3-B4159FBBA988} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd) Task: {364FD613-03D6-4CC0-8C09-3DF08132F0C6} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {36DCDDBB-F5A1-407A-BC63-2D774DB76CD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.) Task: {605BD295-B808-4911-BDBB-BD473998ECE3} - \WSE_Astromenda No Task File <==== ATTENTION Task: {77E619C7-EE40-45AA-A0A7-E6912CDD43C0} - System32\Tasks\{A18959E3-F0A6-4FE3-A778-9CD3F7D7BD58} => pcalua.exe -a "C:\Users\Rijo\AppData\Roaming\Enigma Software Group\sh_installer.exe" -c -r sh Task: {79F6EB6F-F1F7-47BF-BEDD-715BEEB80C0B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {A7F5F443-F6C1-4EB9-920C-9B455B525A79} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation) Task: {AC37832C-5014-49B3-B0FB-D726ADA1717E} - System32\Tasks\{6A8C607C-3B4D-4350-AB6E-71F543AE3B95} => pcalua.exe -a "C:\Users\Rijo\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Microsoft Picture it! 9.0 Packages\uninstaller.exe" -c /Uninstall /NM="Microsoft Picture it! 9.0 Packages" /AN="0V1L2Z2Z1T1I1L1T" /MBN="Microsoft Picture it! 
9.0 Packages" Task: {B3AA4E6E-7537-4D04-A8DF-7269AA9E94B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-10] (Google Inc.) Task: {BB757E70-492B-4571-B56C-5420B4786A8D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation) Task: {E78E85ED-45FE-46F8-BA12-643740A02709} - System32\Tasks\{FA469661-408F-4F16-A5B3-7051937B71E8} => pcalua.exe -a "C:\Program Files\Google\Chrome\Application\40.0.2214.111\Installer\setup.exe" -c --uninstall --multi-install --chrome --system-level Task: {F1E0FEDB-F50C-4923-BA57-C2100AB09585} - \SpyHunter4Startup No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-05-10 17:25 - 2009-01-09 17:10 - 00139264 _____ () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2015-06-01 19:28 - 2015-06-01 19:28 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-05-10 16:04 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-05-10 16:04 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rijo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: becldr3Service => 3 MSCONFIG\Services: CronService => 2 MSCONFIG\Services: FsUsbExService => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: Motorola Device Manager => 2 MSCONFIG\Services: NvNetworkService => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: ServiceLayer => 3 MSCONFIG\Services: SpyHunter 4 Service => 2 MSCONFIG\startupfolder: C:^Users^Rijo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Messenger (Yahoo!) 
=> "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /regrun MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [{DE00A32D-F07B-43D5-A56D-2A506B3CC91B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{3583039A-E995-4DDC-ADB9-92BC5F41F697}] => (Allow) LPort=80 FirewallRules: [{5613A888-BFE3-44D2-91B5-3FEB316EB3D2}] => (Allow) LPort=80 FirewallRules: [{DE416E7E-A61F-4BC6-ABD1-A817C7253439}] => (Allow) LPort=80 FirewallRules: [{FAF7CE47-9EBF-4DAE-B409-532953017047}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B29C1DF7-3B49-4EF7-9DBF-9D99DFD190B2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{E6D4E911-1A17-474E-8186-19D7892A59E1}] => 
(Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{0DD57D5F-2249-4084-8F92-2B02138E9349}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D64DFC38-0254-4B86-BEA7-DCA8692280F3}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{20A799AC-274E-4AFC-B5F4-32691365C9EF}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{5569D46D-5A1E-4165-AEAA-CBA048F669DE}] => (Allow) C:\Windows\Prey\versions\1.3.9\bin\node.exe FirewallRules: [{91D89A6D-8979-4591-9424-3DF38EAC36A0}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{3DE77891-BA6E-4407-B362-E6D048C08BC9}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{2CC1BB43-48D9-4B2E-AA08-5ED69236078E}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{66662472-497A-46EF-BAD1-5BC27FCABB35}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{5595970E-4A92-4855-8EB3-A1008E690FFD}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe FirewallRules: [{1B3AB1B6-E3D5-4AF9-AB19-AC1F7EC44F54}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe FirewallRules: [{99BDFB45-99D0-46DB-84DB-C6A1D0FD7688}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{397A835D-37A5-4FB8-BE23-44E8ADFB87A0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe ==================== Faulty Device Manager Devices ============= Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Webcam C170 Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: DCP-195C Description: DCP-195C Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Brother Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (07/08/2015 02:59:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung chrome.exe, Version 43.0.2357.132, Zeitstempel 0x559b2699, fehlerhaftes Modul chrome.dll, Version 43.0.2357.132, Zeitstempel 0x559b2249, Ausnahmecode 0xc0000005, Fehleroffset 0x014c9f7b, Prozess-ID 0x16a4, Anwendungsstartzeit chrome.exe0. Error: (07/07/2015 11:04:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (07/07/2015 11:04:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/07/2015 11:04:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/07/2015 11:04:18 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/07/2015 11:04:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/07/2015 11:04:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (07/07/2015 11:04:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/07/2015 11:04:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/07/2015 11:04:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) System errors: ============= Error: (07/09/2015 01:03:17 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: 1Neustart des DienstsWindows Search%%1056 Error: (07/09/2015 01:02:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Search2300001Neustart des Diensts Error: (07/09/2015 01:02:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Softwarelizenzierung11200001Neustart des Diensts Error: (07/09/2015 01:02:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Search1300001Neustart des Diensts Error: (07/09/2015 01:02:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: MBAMScheduler1 Error: (07/09/2015 01:02:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: MBAMService1 Error: (07/09/2015 01:02:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Druckwarteschlange1600001Neustart des Diensts Error: (07/09/2015 01:02:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Machine Debug Manager1 Error: (07/09/2015 01:02:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: NVIDIA Display Driver Service1 Error: (07/08/2015 08:59:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: 1Neustart des DienstsWindows Search%%1056 Microsoft Office: ========================= Error: (07/08/2015 02:59:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe43.0.2357.132559b2699chrome.dll43.0.2357.132559b2249c0000005014c9f7b16a401d0b8f8ca9837d7 Error: (07/07/2015 11:04:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:18 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ Error: (07/07/2015 11:04:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\RIJO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ CodeIntegrity Errors: =================================== Date: 2015-07-09 09:59:34.399 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:59:34.249 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:59:34.009 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:59:33.844 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:59:33.626 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-07-09 09:59:33.447 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:56:11.357 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:56:11.230 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:56:11.102 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-09 09:56:10.974 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ Percentage of memory in use: 63% Total physical RAM: 2046.64 MB Available physical RAM: 737.33 MB Total Virtual: 4333.32 MB Available Virtual: 2163.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:282.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C338BF42) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End of log =============== |
09.07.2015, 10:09 | #2 |
/// the machine /// TB trainer | Malware on Facebook

Hi,
do you now want to open a new thread for every reply?? Please stay in this thread!

Scan with Combofix