Trojaner-Board - starker Virenverdacht, langsamer Rechner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - starker Virenverdacht, langsamer Rechner (https://www.trojaner-board.de/158087-starker-virenverdacht-langsamer-rechner.html)

starker Virenverdacht, langsamer Rechner

hallo,

mein Rechner läuft seit einiger Zeit deutlich zu langsam, windows updates werden nicht korrekt installiert, mit der bitte um Unterstützung.

gruß boris

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014

Ran by Boris (administrator) on BORIS-PC on 29-08-2014 12:07:55

Running from C:\Users\Boris\Downloads

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Secunia) C:\Program Files\Secunia\PSI\psia.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(SMART Technologies ULC.) C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\VantageService.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe

(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Dropbox, Inc.) C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)

HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [68640 2007-01-08] (Cyberlink Corp.)

HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [SMARTClassroomCoordinator.exe] => C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [485232 2011-06-22] (SMART Technologies ULC.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [VantageService] => C:\Program Files\SMART Technologies\Education Software\VantageService.exe [190800 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Board Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)

HKLM\...\Run: [sbsdk-server] => C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART SNMP Agent] => C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe [968528 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)

HKLM\...\Run: [Response Desktop Menu] => C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe [1028944 2013-05-23] (SMART Technologies ULC)

HKLM\...\Run: [ResponseConnectorService] => C:\Program Files\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe [40448 2013-05-23] (SMART Technologies)

HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)

HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/

SearchScopes: HKLM - DefaultScope value is missing.

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)

Toolbar: HKLM - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris

FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Test Pilot - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-11-02]

FF Extension: GMX MailCheck - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\toolbar@gmx.net.xpi [2012-10-16]

FF Extension: GMX MailCheck - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\Extensions\toolbar@gmx.net [2014-07-22]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-02]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR CustomProfile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-08-15] (Flexera Software LLC)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)

R2 Response Hardware; C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe [20304 2013-05-23] (SMART Technologies ULC)

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()

S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed]

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R1 MpKslaa7ac15c; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A3A0D51-EE3C-407D-8C2E-877E320D8B2F}\MpKslaa7ac15c.sys [39464 2014-08-29] (Microsoft Corporation)

S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]

S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)

R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies)

R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies)

R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 catchme; \??\C:\Users\Boris\AppData\Local\Temp\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 VMC302; System32\Drivers\VMC302.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-29 12:07 - 2014-08-29 12:08 - 00016864 _____ () C:\Users\Boris\Downloads\FRST.txt

2014-08-29 12:07 - 2014-08-29 12:08 - 00000000 ____D () C:\FRST

2014-08-29 12:06 - 2014-08-29 12:07 - 01095168 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe

2014-08-29 11:06 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 11:06 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-17 20:39 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-17 20:39 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-17 20:39 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-17 20:39 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-17 20:09 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-17 20:09 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-17 20:09 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-17 20:09 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-08-17 20:09 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-17 20:08 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-17 20:08 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-17 20:08 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-17 20:06 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-17 20:06 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-17 20:06 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-17 20:06 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-17 20:06 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-17 20:06 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-17 20:06 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-17 20:06 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-17 20:06 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-17 20:06 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-17 20:06 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-17 20:06 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-29 12:08 - 2014-08-29 12:07 - 00016864 _____ () C:\Users\Boris\Downloads\FRST.txt

2014-08-29 12:08 - 2014-08-29 12:07 - 00000000 ____D () C:\FRST

2014-08-29 12:07 - 2014-08-29 12:06 - 01095168 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe

2014-08-29 12:06 - 2012-07-30 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-29 11:40 - 2008-06-20 04:48 - 01353880 _____ () C:\Windows\WindowsUpdate.log

2014-08-29 11:15 - 2012-09-26 13:16 - 00000000 ___RD () C:\Users\Boris\Dropbox

2014-08-29 11:15 - 2012-09-26 13:13 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Dropbox

2014-08-29 11:14 - 2008-08-02 17:23 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

2014-08-29 11:12 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-29 11:12 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-29 11:12 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-29 11:11 - 2006-11-02 14:47 - 00394024 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 11:08 - 2008-04-16 01:00 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-08-29 11:08 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-23 03:03 - 2014-08-29 11:06 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 01:26 - 2014-08-29 11:06 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-17 22:00 - 2012-07-30 16:44 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-08-17 22:00 - 2012-07-30 16:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-08-17 21:56 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-17 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache

2014-08-17 21:43 - 2006-11-02 12:33 - 01566310 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-17 21:39 - 2012-09-26 13:16 - 00000925 _____ () C:\Users\Boris\Desktop\Dropbox.lnk

2014-08-17 21:39 - 2012-09-26 13:13 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-17 21:31 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE

2014-08-17 20:45 - 2013-07-14 17:29 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-17 20:42 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 

Some content of TEMP:

====================

C:\Users\Boris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6aeqtt.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-29 11:17
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014

Ran by Boris at 2014-08-29 12:08:53

Running from C:\Users\Boris\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)

Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)

Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)

Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )

ATI Catalyst Install Manager (HKLM\...\{9DCC214C-CD1A-1115-6775-A9056185FE4E}) (Version: 3.0.664.0 - ATI Technologies, Inc.)

AVStation Now (HKLM\...\InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}) (Version: 4.0.10.6 - Ihr Firmenname)

AVStation Now (Version: 4.0.10.6 - Ihr Firmenname) Hidden

Catalyst Control Center - Branding (HKLM\...\{2433BAD7-453F-473D-BE81-455E68940DEB}) (Version: 1.00.0000 - ATI)

Catalyst Control Center Core Implementation (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Chinese Standard (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Chinese Traditional (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Czech (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Danish (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Dutch (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Finnish (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization French (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization German (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Greek (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Hungarian (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Italian (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Japanese (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Korean (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Norwegian (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Polish (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Portuguese (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Russian (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Spanish (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Swedish (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Thai (Version: 2008.0318.2139.36886 - ATI) Hidden

Catalyst Control Center Localization Turkish (Version: 2008.0318.2139.36886 - ATI) Hidden

CCC Help Chinese Standard (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Chinese Traditional (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Czech (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Danish (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Dutch (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help English (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Finnish (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help French (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help German (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Greek (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Hungarian (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Italian (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Japanese (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Korean (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Norwegian (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Polish (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Portuguese (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Russian (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Spanish (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Swedish (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Thai (Version: 2008.0318.2138.36886 - ATI) Hidden

CCC Help Turkish (Version: 2008.0318.2138.36886 - ATI) Hidden

ccc-core-static (Version: 2008.0318.2139.36886 - Ihr Firmenname) Hidden

ccc-utility (Version: 2008.0318.2139.36886 - ATI) Hidden

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)

DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2103 - CyberLink Corporation)

Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )

Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)

Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)

Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden

Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )

imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)

LabelPrint 2.0 (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version:  - )

LightScribe  1.8.15.1 (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50701 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50706 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU (Version: 10.0.50701 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50701 - Microsoft Corporation)

Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

Pelikan Schulschriften (HKLM\...\Lateinische Ausgangsschrift LA_is1) (Version:  - Will Software)

Pelikan Schulschriften (HKLM\...\Vereinfachte Ausgangsschrift VA_is1) (Version:  - Will Software)

Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.47 - Ihr Firmenname)

Play AVStation (Version: 4.1.20.47 - Ihr Firmenname) Hidden

PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )

PlayMemories Home (HKLM\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)

Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )

PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version:  - )

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2802.0 - CyberLink Corporation)

PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074429(3.7)_Vista_SSPC - CyberLink Corp.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5433 - Realtek Semiconductor Corp.)

Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)

Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)

Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)

Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden

Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)

Skins (Version: 2008.0318.2139.36886 - ATI) Hidden

SMART Common Files (HKLM\...\{9057211D-439A-4C0D-95DE-498CF54ADF8C}) (Version: 11.3.267.0 - SMART Technologies ULC)

SMART English (United Kingdom) Language Pack (HKLM\...\{2B2404AA-35DF-4BF3-A8F2-BAFC8F7174C5}) (Version: 11.2.29.0 - SMART Technologies ULC)

SMART German Language Pack (HKLM\...\{FE34C5E6-CC3D-4C26-969A-0C2CAFB34658}) (Version: 11.2.29.0 - SMART Technologies ULC)

SMART Ink (HKLM\...\{F0E390A2-AB03-4077-83C4-F12D3A65493D}) (Version: 1.1.549.1 - SMART Technologies ULC)

SMART Notebook (HKLM\...\{82E3F365-86BD-4EA8-80CA-F498EBE89537}) (Version: 11.2.637.0 - SMART Technologies ULC)

SMART Product Drivers (HKLM\...\{E91FBB79-D736-4834-A1AB-2A5CDD2DB7E7}) (Version: 11.1.669.0 - SMART Technologies ULC)

SMART Response Software (HKLM\...\{2D13D1AD-856F-4C63-BBF1-C2963197F4D0}) (Version: 4.6.962.0 - SMART Technologies ULC)

SMART Sync Teacher (HKLM\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC)

SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )

VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - WIDCOMM, Inc.)

WINZD 2013-08 Rev. 2 (HKLM\...\WINZD_is1) (Version:  - R. Aquila, F. Ostermeier)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Boris\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File

CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-1411231321-3497987553-1682086313-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
 

==================== Restore Points  =========================
 

24-07-2014 07:53:30 Geplanter Prüfpunkt

24-07-2014 10:36:58 Windows Update

25-07-2014 12:31:21 Geplanter Prüfpunkt

26-07-2014 10:36:10 Geplanter Prüfpunkt

27-07-2014 11:45:35 Windows Update

28-07-2014 09:18:44 Geplanter Prüfpunkt

29-07-2014 16:18:15 Geplanter Prüfpunkt

30-07-2014 17:48:02 Geplanter Prüfpunkt

31-07-2014 14:14:36 Windows Update

01-08-2014 20:44:38 Geplanter Prüfpunkt

17-08-2014 18:14:29 Windows Update

17-08-2014 18:26:13 Windows Update

18-08-2014 22:42:41 Geplanter Prüfpunkt

19-08-2014 12:12:25 Geplanter Prüfpunkt

25-08-2014 20:00:29 Windows Update

27-08-2014 12:02:30 Geplanter Prüfpunkt

29-08-2014 08:02:02 Windows Update

29-08-2014 09:06:37 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {2A4D15FE-A6A3-431A-9B29-B99542F8855A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-19] (Microsoft Corporation)

Task: {2AA082C7-4803-4954-B360-FF0E5BC76E68} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.)

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {82583C58-CBA8-4AC1-A74E-8CE24ADE034E} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.)

Task: {892E0D52-AE03-47D7-AF89-5B50DF16F46D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-17] (Adobe Systems Incorporated)

Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries

Task: {A9DAF8CD-A4DE-4080-94AE-23539E23E9CD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {E4CC2C7B-D48C-43CE-A8B2-271DF3EE05EC} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

Task: {E99D3AFB-F7A8-4342-83DF-318615AF5CEB} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)

Task: {EC7BFDA4-4533-4C92-95E6-2AFF5B0DDB81} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.)

Task: {F8A5340B-69BF-4AEE-9F50-6E30203EF659} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-12-11 20:18 - 2012-12-11 20:18 - 02364840 _____ () C:\Windows\WinSxS\x86_smarttech.xqilla.vc100.1.1_9ca15c999435ee05_1.0.1.0_none_1bed397492abdaf4\xqilla-vc100-1_0.dll

2012-12-11 20:11 - 2012-12-11 20:11 - 00066976 _____ () C:\Windows\WinSxS\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_none_a9eddec61c291613\zlib1-vc100-mt-1.2.dll

2012-12-11 20:11 - 2012-12-11 20:11 - 02310056 _____ () C:\Windows\WinSxS\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_none_abdcef110f80cf28\redland-vc100-1_0_9.dll

2012-12-11 20:10 - 2012-12-11 20:10 - 00051120 _____ () C:\Windows\WinSxS\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll

2012-12-11 20:10 - 2012-12-11 20:10 - 00145328 _____ () C:\Windows\WinSxS\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll

2012-12-11 20:11 - 2012-12-11 20:11 - 00022440 _____ () C:\Windows\WinSxS\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll

2012-12-11 20:11 - 2012-12-11 20:11 - 00054184 _____ () C:\Windows\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll

2012-12-11 20:10 - 2012-12-11 20:11 - 00053680 _____ () C:\Windows\WinSxS\x86_smarttech.boost_signals.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_8ce60f5e6bc42419\boost_signals-vc100-mt-1_44.dll

2008-04-16 01:22 - 2006-12-19 15:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe

2008-04-15 07:40 - 2008-03-18 15:04 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

2008-04-16 03:14 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll

2008-04-16 01:43 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll

2008-04-16 01:37 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

2008-04-16 01:37 - 2006-09-19 02:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll

2012-12-11 20:41 - 2012-12-11 20:41 - 02996648 _____ () C:\Windows\WinSxS\x86_smarttech.xqilla.vc100.2.1_9ca15c999435ee05_1.0.1.0_none_1bed22ac92abf495\xqilla21.dll

2011-06-22 09:19 - 2011-06-22 09:19 - 00070656 _____ () C:\Program Files\SMART Technologies\Education Software\libLogger-vc100-2_0.dll

2012-12-11 20:11 - 2012-12-11 20:11 - 00948128 _____ () C:\Windows\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_none_421d23a1fa0a055d\QtNetwork4.dll

2012-12-11 20:11 - 2012-12-11 20:11 - 02296736 _____ () C:\Windows\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_none_421d23a1fa0a055d\QtCore4.dll

2012-12-11 20:11 - 2012-12-11 20:11 - 08266656 _____ () C:\Windows\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_none_421d23a1fa0a055d\QtGui4.dll

2012-12-11 20:10 - 2012-12-11 20:10 - 00524712 _____ () C:\Windows\WinSxS\x86_smarttech.boost_regex.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_cae4ebd2526cf46f\boost_regex-vc100-mt-1_44.dll

2013-08-15 21:43 - 2013-08-15 21:43 - 01488264 _____ () C:\Windows\WinSxS\x86_smarttech.activation2.vc100.1.0_37a8c5fef6a21868_1.0.5.0_none_00c39a87f368724c\activation2-vc100-mt-s-x86.dll

2007-04-24 11:32 - 2007-04-24 11:32 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL

2014-08-29 11:15 - 2014-08-29 11:15 - 00043008 _____ () c:\users\boris\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6aeqtt.dll

2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Boris\AppData\Roaming\Dropbox\bin\libcef.dll

2013-03-07 16:40 - 2013-03-07 16:40 - 00458064 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node

2013-03-07 16:40 - 2013-03-07 16:40 - 00036688 _____ () C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node

2008-03-18 05:21 - 2008-03-18 05:21 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

2012-12-11 20:18 - 2012-12-11 20:18 - 01030048 _____ () C:\Windows\WinSxS\x86_smarttech.js.vc70.1.8_37a8c5fef6a21868_1.0.2.1_none_e909cd048128eadf\js32.dll

2013-05-23 16:08 - 2013-05-23 16:08 - 00460800 _____ () C:\Program Files\SMART Technologies\Education Software\ziparchive-vc100-3_1_1a.dll

2014-07-22 18:28 - 2014-07-22 18:28 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/29/2014 08:59:43 AM) (Source: EventSystem) (EventID: 4621) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (08/26/2014 04:20:36 PM) (Source: EventSystem) (EventID: 4621) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (08/26/2014 09:05:48 AM) (Source: EventSystem) (EventID: 4621) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (08/25/2014 11:47:12 PM) (Source: EventSystem) (EventID: 4621) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (08/19/2014 00:43:28 AM) (Source: EventSystem) (EventID: 4621) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (08/18/2014 03:18:41 AM) (Source: EventSystem) (EventID: 4621) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (08/18/2014 03:18:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (08/18/2014 03:18:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (08/18/2014 03:18:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 

Error: (08/18/2014 03:18:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Eintrag <C:\USERS\BORIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BK86VV7L.BORIS\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.
 

Kontext:  Anwendung, SystemIndex Katalog
 
 

Details:

        Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
 
 

System errors:

=============

Error: (08/29/2014 11:15:24 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}
 

Error: (08/29/2014 11:12:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Parallel port driver%%1058
 

Error: (08/29/2014 10:10:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.183.889.0){FC80FACF-617A-44DC-A9B8-E0D3E98ABF8C}201
 

Error: (08/29/2014 10:09:15 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 0.0.0.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT51
 

        Aktualisierungsphase: 4.5.0216.00
 

        Quellpfad: 4.5.0216.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 

Error: (08/29/2014 10:08:53 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )

Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Modulversion: 
 

        Vorherige Modulversion: 
 

        Modultyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST
 

        Fehlercode: %NT-AUTORITÄT601
 

        Fehlerbeschreibung: %NT-AUTORITÄT602
 

Error: (08/29/2014 10:08:53 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 
 

        Aktualisierungsquelle: %NT-AUTORITÄT15

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 14-08-29.03 - Boris 30.08.2014  20:45:54.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1436 [GMT 2:00]

ausgeführt von:: c:\users\Boris\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-07-28 bis 2014-08-30  ))))))))))))))))))))))))))))))

.

.

2014-08-30 19:14 . 2014-08-30 19:14        --------        d-----w-        c:\users\Public\AppData\Local\temp

2014-08-30 19:14 . 2014-08-30 19:14        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-08-30 18:38 . 2014-08-21 02:44        8581864        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB4E1C2D-312E-477A-863A-B60D2FEBD081}\mpengine.dll

2014-08-29 10:07 . 2014-08-29 10:10        --------        d-----w-        C:\FRST

2014-08-29 09:06 . 2014-08-22 23:26        2054656        ----a-w-        c:\windows\system32\win32k.sys

2014-08-29 09:06 . 2014-08-23 01:03        297984        ----a-w-        c:\windows\system32\gdi32.dll

2014-08-29 08:03 . 2014-08-21 02:44        8581864        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-08-17 18:39 . 2014-06-26 22:17        99480        ----a-w-        c:\windows\system32\infocardapi.dll

2014-08-17 18:39 . 2014-06-26 22:17        8856        ----a-w-        c:\windows\system32\icardres.dll

2014-08-17 18:39 . 2014-06-26 22:17        619664        ----a-w-        c:\windows\system32\icardagt.exe

2014-08-17 18:39 . 2014-06-06 04:28        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe

2014-08-17 18:09 . 2014-06-02 10:31        2263552        ----a-w-        c:\windows\system32\msi.dll

2014-08-17 18:09 . 2014-06-02 10:30        1993728        ----a-w-        c:\windows\system32\authui.dll

2014-08-17 18:09 . 2014-06-02 08:56        82432        ----a-w-        c:\windows\system32\consent.exe

2014-08-17 18:09 . 2014-06-02 10:31        332800        ----a-w-        c:\windows\system32\msihnd.dll

2014-08-17 18:09 . 2014-06-02 10:30        33280        ----a-w-        c:\windows\system32\appinfo.dll

2014-08-17 18:08 . 2014-06-14 00:44        638400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys

2014-08-17 18:08 . 2014-06-14 00:33        37376        ----a-w-        c:\windows\system32\cdd.dll

2014-08-17 18:08 . 2014-07-08 00:46        2048        ----a-w-        c:\windows\system32\tzres.dll

2014-08-03 09:53 . 2014-08-03 09:53        188304        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-08-17 20:00 . 2012-07-30 14:44        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2014-08-17 20:00 . 2012-07-30 14:44        699568        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2014-07-19 15:09 . 2014-07-03 15:24        110296        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-06-06 08:59 . 2014-07-10 17:13        506880        ----a-w-        c:\windows\system32\qedit.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]

"SMARTClassroomCoordinator.exe"="c:\program files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"VantageService"="c:\program files\SMART Technologies\Education Software\VantageService.exe" [2013-03-07 190800]

"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2013-01-31 9279824]

"sbsdk-server"="c:\program files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" [2013-03-07 62800]

"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2013-03-07 2111824]

"SMART SNMP Agent"="c:\program files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" [2013-03-07 968528]

"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2013-03-04 99152]

"Response Desktop Menu"="c:\program files\SMART Technologies\Education Software\DesktopMenu.exe" [2013-05-23 1028944]

"ResponseConnectorService"="c:\program files\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe" [2013-05-23 40448]

"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-15 688184]

.

c:\users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-15 36414752]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"NoHotStart"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableSecureUIAPath"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-07-18 08:53        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 20:00]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.samsungcomputer.com/

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\

FF - prefs.js: browser.search.selectedEngine - Google

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Boris\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-08-30 21:14

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MWAC]

"ImagePath"="\??\c:\windows\system32\drivers\"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(5096)

c:\windows\system32\btmmhook.dll

.

Zeit der Fertigstellung: 2014-08-30  21:16:29

ComboFix-quarantined-files.txt  2014-08-30 19:16

.

Vor Suchlauf: 14 Verzeichnis(se), 51.553.718.272 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 52.110.118.912 Bytes frei

.

- - End Of File - - 46D71968A2664A832AC5193283EBB95D

61A349592C4728853F4A90FF78F7628E

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code:

# AdwCleaner v3.308 - Bericht erstellt am 31/08/2014 um 13:47:43

# Aktualisiert 20/08/2014 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzername : Boris - BORIS-PC

# Gestartet von : C:\Users\Boris\Downloads\adwcleaner_3.308.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16563
 
 

-\\ Mozilla Firefox v31.0 (x86 de)
 

[ Datei : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris\prefs.js ]
 
 

[ Datei : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\prefs.js ]
 
 

-\\ Google Chrome v
 

*************************
 

AdwCleaner[R0].txt - [1276 octets] - [31/08/2014 13:46:29]

AdwCleaner[S0].txt - [1114 octets] - [31/08/2014 13:47:43]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1174 octets] ##########

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 31.08.2014

Suchlauf-Zeit: 13:19:57

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.08.31.02

Rootkit Datenbank: v2014.08.21.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows Vista Service Pack 2

CPU: x86

Dateisystem: NTFS

Benutzer: Boris
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 294059

Verstrichene Zeit: 18 Min, 38 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows Vista (TM) Home Premium x86

Ran by Boris on 31.08.2014 at 14:07:33,90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted: [Folder] C:\Users\Boris\AppData\Roaming\mozilla\firefox\profiles\bk86vv7l.boris\extensions\toolbar@gmx.net

Emptied folder: C:\Users\Boris\AppData\Roaming\mozilla\firefox\profiles\bk86vv7l.boris\minidumps [69 fil

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014

Ran by Boris (administrator) on BORIS-PC on 31-08-2014 14:16:17

Running from C:\Users\Boris\Downloads

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(SMART Technologies ULC.) C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\VantageService.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe

(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Dropbox, Inc.) C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe

(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe

(Farbar) C:\Users\Boris\Downloads\FRST(1).exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)

HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [68640 2007-01-08] (Cyberlink Corp.)

HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [SMARTClassroomCoordinator.exe] => C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [485232 2011-06-22] (SMART Technologies ULC.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [VantageService] => C:\Program Files\SMART Technologies\Education Software\VantageService.exe [190800 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Board Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)

HKLM\...\Run: [sbsdk-server] => C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART SNMP Agent] => C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe [968528 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)

HKLM\...\Run: [Response Desktop Menu] => C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe [1028944 2013-05-23] (SMART Technologies ULC)

HKLM\...\Run: [ResponseConnectorService] => C:\Program Files\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe [40448 2013-05-23] (SMART Technologies)

HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)

HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)

Toolbar: HKLM - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris

FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Test Pilot - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-11-02]

FF Extension: GMX MailCheck - C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\Extensions\toolbar@gmx.net.xpi [2012-10-16]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-02]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR CustomProfile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-08-15] (Flexera Software LLC)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)

R2 Response Hardware; C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe [20304 2013-05-23] (SMART Technologies ULC)

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()

S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed]

S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-31] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]

S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)

S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)

R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies)

R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies)

R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 catchme; \??\C:\Users\Boris\AppData\Local\Temp\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 VMC302; System32\Drivers\VMC302.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-31 14:16 - 2014-08-31 14:16 - 01096192 _____ (Farbar) C:\Users\Boris\Downloads\FRST(1).exe

2014-08-31 14:11 - 2014-08-31 14:11 - 00000917 _____ () C:\Users\Boris\Desktop\JRT.txt

2014-08-31 14:01 - 2014-08-31 14:01 - 01016261 _____ (Thisisu) C:\Users\Boris\Downloads\JRT.exe

2014-08-31 13:46 - 2014-08-31 13:47 - 00000000 ____D () C:\AdwCleaner

2014-08-31 13:45 - 2014-08-31 13:45 - 01364531 _____ () C:\Users\Boris\Downloads\adwcleaner_3.308.exe

2014-08-31 13:42 - 2014-08-31 13:42 - 00001160 _____ () C:\mbam.txt

2014-08-31 13:17 - 2014-08-31 13:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-30 21:16 - 2014-08-30 21:16 - 00010392 _____ () C:\ComboFix.txt

2014-08-30 20:43 - 2014-08-30 21:16 - 00000000 ____D () C:\ComboFix

2014-08-30 20:43 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-08-30 20:43 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-08-30 20:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-08-30 20:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-08-30 20:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-08-30 20:43 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-08-30 20:43 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-08-30 20:43 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-08-30 20:39 - 2014-08-30 21:16 - 00000000 ____D () C:\Qoobox

2014-08-30 20:37 - 2014-08-30 20:38 - 05576760 ____R (Swearware) C:\Users\Boris\Downloads\ComboFix.exe

2014-08-29 12:08 - 2014-08-29 12:10 - 00038075 _____ () C:\Users\Boris\Downloads\Addition.txt

2014-08-29 12:07 - 2014-08-31 14:16 - 00016806 _____ () C:\Users\Boris\Downloads\FRST.txt

2014-08-29 12:07 - 2014-08-31 14:16 - 00000000 ____D () C:\FRST

2014-08-29 12:06 - 2014-08-29 12:07 - 01095168 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe

2014-08-29 11:06 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 11:06 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-17 20:39 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-17 20:39 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-17 20:39 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-17 20:39 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-17 20:09 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-17 20:09 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-17 20:09 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-17 20:09 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-08-17 20:09 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-17 20:08 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-17 20:08 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-17 20:08 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-17 20:06 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-17 20:06 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-17 20:06 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-17 20:06 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-17 20:06 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-17 20:06 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-17 20:06 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-17 20:06 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-17 20:06 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-17 20:06 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-17 20:06 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-17 20:06 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-17 20:06 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-17 20:06 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-31 14:16 - 2014-08-31 14:16 - 01096192 _____ (Farbar) C:\Users\Boris\Downloads\FRST(1).exe

2014-08-31 14:16 - 2014-08-29 12:07 - 00016806 _____ () C:\Users\Boris\Downloads\FRST.txt

2014-08-31 14:16 - 2014-08-29 12:07 - 00000000 ____D () C:\FRST

2014-08-31 14:11 - 2014-08-31 14:11 - 00000917 _____ () C:\Users\Boris\Desktop\JRT.txt

2014-08-31 14:08 - 2008-06-20 04:48 - 01417167 _____ () C:\Windows\WindowsUpdate.log

2014-08-31 14:07 - 2012-09-26 13:16 - 00000000 ___RD () C:\Users\Boris\Dropbox

2014-08-31 14:07 - 2012-09-26 13:13 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Dropbox

2014-08-31 14:06 - 2012-07-30 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-31 14:04 - 2008-08-02 17:23 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

2014-08-31 14:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-31 14:04 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-31 14:04 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-31 14:03 - 2008-04-16 01:00 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-08-31 14:03 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-31 14:01 - 2014-08-31 14:01 - 01016261 _____ (Thisisu) C:\Users\Boris\Downloads\JRT.exe

2014-08-31 13:49 - 2008-04-16 03:27 - 00197352 _____ () C:\Windows\PFRO.log

2014-08-31 13:47 - 2014-08-31 13:46 - 00000000 ____D () C:\AdwCleaner

2014-08-31 13:45 - 2014-08-31 13:45 - 01364531 _____ () C:\Users\Boris\Downloads\adwcleaner_3.308.exe

2014-08-31 13:42 - 2014-08-31 13:42 - 00001160 _____ () C:\mbam.txt

2014-08-31 13:19 - 2014-07-03 17:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-31 13:18 - 2014-07-03 17:24 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-31 13:18 - 2014-07-03 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-31 13:18 - 2014-07-03 17:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-31 13:17 - 2014-08-31 13:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-30 21:16 - 2014-08-30 21:16 - 00010392 _____ () C:\ComboFix.txt

2014-08-30 21:16 - 2014-08-30 20:43 - 00000000 ____D () C:\ComboFix

2014-08-30 21:16 - 2014-08-30 20:39 - 00000000 ____D () C:\Qoobox

2014-08-30 21:14 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini

2014-08-30 21:09 - 2014-04-12 12:03 - 00000000 ____D () C:\ProgramData\TEMP

2014-08-30 20:38 - 2014-08-30 20:37 - 05576760 ____R (Swearware) C:\Users\Boris\Downloads\ComboFix.exe

2014-08-29 12:10 - 2014-08-29 12:08 - 00038075 _____ () C:\Users\Boris\Downloads\Addition.txt

2014-08-29 12:07 - 2014-08-29 12:06 - 01095168 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe

2014-08-29 11:11 - 2006-11-02 14:47 - 00394024 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-23 03:03 - 2014-08-29 11:06 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 01:26 - 2014-08-29 11:06 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-17 22:00 - 2012-07-30 16:44 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-08-17 22:00 - 2012-07-30 16:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-08-17 21:56 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-17 21:51 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache

2014-08-17 21:43 - 2006-11-02 12:33 - 01566310 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-17 21:39 - 2012-09-26 13:16 - 00000925 _____ () C:\Users\Boris\Desktop\Dropbox.lnk

2014-08-17 21:39 - 2012-09-26 13:13 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-17 21:31 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE

2014-08-17 20:45 - 2013-07-14 17:29 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-17 20:42 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 

Some content of TEMP:

====================

C:\Users\Boris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgyvfvk.dll

C:\Users\Boris\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-31 14:11
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

hallo schrauber,

hier sind alle logs.
danke schon mal zwischenzeitlich.

gruß

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=8587809f51c2eb4b82932ffe0d0abe22

# engine=20073

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-09-09 05:15:53

# local_time=2014-09-09 07:15:53 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 14324111 81572975 0 0

# scanned=149309

# found=1

# cleaned=1

# scan_time=3554

sh=9F2B1AFD3D92595F25572C5263BB51CD349E6C1A ft=1 fh=3bbd4af7b9fc3449 vn="Variante von Win32/DomaIQ.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Boris\Downloads\zipper_V.788563.exe"

sorry,

hab wohl das nicht löschen übersehen

Code:

Results of screen317's Security Check version 0.99.87  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 9  

 Internet Explorer 8  
 ``````````````Antivirus/Firewall Check:`````````````` 

Microsoft Security Essentials   

 Antivirus up to date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 SpywareBlaster 5.0    

 Secunia PSI (3.0.0.9016)   

 Adobe Flash Player         14.0.0.179  

 Adobe Reader 10.1.11 Adobe Reader out of Date!  

 Mozilla Firefox (32.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014

Ran by Boris (administrator) on BORIS-PC on 09-09-2014 20:03:35

Running from c:\Users\Boris\Downloads

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(SMART Technologies ULC.) C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\VantageService.exe

(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe

(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe

(Dropbox, Inc.) C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Secunia) C:\Program Files\Secunia\PSI\psia.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe

(Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

() C:\Users\Boris\Downloads\SecurityCheck.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)

HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [68640 2007-01-08] (Cyberlink Corp.)

HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [SMARTClassroomCoordinator.exe] => C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [485232 2011-06-22] (SMART Technologies ULC.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [VantageService] => C:\Program Files\SMART Technologies\Education Software\VantageService.exe [190800 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Board Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)

HKLM\...\Run: [sbsdk-server] => C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART SNMP Agent] => C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe [968528 2013-03-07] (SMART Technologies)

HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)

HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [688184 2012-02-15] (Sony Corporation)

HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)

Toolbar: HKLM - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\bk86vv7l.boris

FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentatio

so!:)

Adobe updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.