|
Plagegeister aller Art und deren Bekämpfung: Hotmail verschickt SpamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.12.2014, 19:16 | #1 |
| Hotmail verschickt Spam Hallo ihr Lieben, ich bin etwas ratlos, daher habe ich mich hier angemeldet, vielleicht finde ich ja hier endlich eine Hilfe! Von meiner Email-Adresse (Hotmail) werden automatisch Spam Mails verschickt, die einen Link enthalten; an Adressen, die ich mal angeschrieben habe, die aber nicht in meinem Adressbuch sind. (Hab nämlich null Kontakte in meinem Adressbuch) Das Problem trat bereits vor einigen Monaten auf. Erst habe ich das nicht richtg beachtet, da es 2-3 Mails in zwei Monaten waren. Aber es taucht immer wieder auf und da hab ich mir Sorgen gemacht. Ich habe daraufhin mein Passwort geändert. Zwei Monate war dann auch nichts, aber jetzt leider wieder. Da bin ich auf euer Forum gestoßen und habe sehr ähnliche Fälle hier gesehen. Was kann ich jetzt tun? Ich habe leider gar keine Bekannte, die sich mit Trojanern etc. auskennen. Ich habe auch null Ahnung, wie ich vorgehen kann, bin leider die Sorte Frau, die sich in den Sachen echt nicht auskennt... Für Hilfe wäre ich sehr dankbar! |
12.12.2014, 19:33 | #2 |
/// the machine /// TB-Ausbilder | Hotmail verschickt Spam hi.
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
12.12.2014, 20:11 | #3 |
| Hotmail verschickt Spam Danke erst mal für die schnelle Antwort!
__________________Hier die Logdateien: FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03 Ran by Karin (administrator) on KRYSTKOWIAK on 12-12-2014 19:57:28 Running from C:\Users\Karin\Downloads Loaded Profile: Karin (Available profiles: Karin & Rodzice) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-27] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-909195022-2987603871-1801273306-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-909195022-2987603871-1801273306-1001\...\MountPoints2: {44081665-166a-11e3-825a-806e6f6e6963} - "E:\autorun.exe" ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-909195022-2987603871-1801273306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-909195022-2987603871-1801273306-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 SearchScopes: HKLM -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-909195022-2987603871-1801273306-1001 -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-909195022-2987603871-1801273306-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\searchplugins\google-maps.xml FF Extension: Adblock Plus - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-03-25] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) U3 McAPExe; No ImagePath U3 McMPFSvc; No ImagePath U3 McNaiAnn; No ImagePath U3 mcpltsvc; No ImagePath U3 McProxy; No ImagePath U3 mfecore; No ImagePath U3 MSK80Service; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 19:57 - 2014-12-12 19:57 - 00017642 _____ () C:\Users\Karin\Downloads\FRST.txt 2014-12-12 19:57 - 2014-12-12 19:57 - 00000000 ____D () C:\FRST 2014-12-12 19:56 - 2014-12-12 19:56 - 02119680 _____ (Farbar) C:\Users\Karin\Downloads\FRST64.exe 2014-12-10 21:02 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-10 21:02 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-10 19:56 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 19:56 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 19:56 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 19:56 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 19:56 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 19:56 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 19:56 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 19:56 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 19:56 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 19:56 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 19:56 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 19:56 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-10 19:56 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 19:56 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 19:56 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 19:56 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-10 19:56 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 19:56 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-10 19:56 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 19:56 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 19:56 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 19:56 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 19:56 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 19:56 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 19:56 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-10 19:56 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 19:56 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 19:56 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-10 19:56 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 19:56 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-10 19:56 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 19:56 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 19:56 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 19:56 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 19:56 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 19:56 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 19:56 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 19:56 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 19:56 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 19:56 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 19:56 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 19:56 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-10 19:56 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-10 19:56 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-09 23:56 - 2014-12-09 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-08 14:39 - 2014-12-12 18:33 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForKarin.job 2014-12-08 14:39 - 2014-12-08 14:39 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarin 2014-12-07 22:58 - 2014-12-07 22:58 - 00008700 _____ () C:\Users\Karin\AppData\Local\recently-used.xbel 2014-12-07 21:38 - 2014-12-07 21:38 - 00000281 _____ () C:\Users\Karin\AppData\Local\psppirerc 2014-12-03 14:24 - 2014-12-03 14:24 - 00000000 ____D () C:\Users\Karin\Desktop\Christkindlesmarkt 2014 2014-11-27 12:33 - 2014-11-27 12:33 - 00000000 __SHD () C:\Users\Karin\AppData\Local\EmieBrowserModeList 2014-11-24 15:27 - 2014-11-24 15:27 - 00000724 _____ () C:\Users\Karin\Downloads\Desktop - Verknüpfung.lnk 2014-11-19 12:45 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 12:45 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 12:45 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 12:45 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-16 16:03 - 2014-12-11 00:49 - 00002126 _____ () C:\Users\Karin\Desktop\nnnn.klf 2014-11-14 10:23 - 2014-11-14 10:23 - 00000000 ____D () C:\Users\Karin\AppData\Local\Microsoft Help 2014-11-12 23:19 - 2014-11-12 23:19 - 00001115 _____ () C:\Users\Public\Desktop\EDA - Filmdidaktik und Filmästhetik.lnk 2014-11-12 23:18 - 2014-11-12 23:19 - 00000000 ____D () C:\Users\Karin\Desktop\Filmdidaktik und Filmästhetik 2014-11-12 04:11 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 04:11 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-12 04:11 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-12 04:11 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 04:11 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 04:11 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-12 04:11 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-12 04:11 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-12 04:11 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 04:11 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 04:11 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-12 04:11 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 04:11 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-12 04:11 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-12 04:11 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-12 04:11 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 04:11 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-12 04:11 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 04:10 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-12 04:10 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 04:10 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 04:10 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-12 04:10 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-12 04:10 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-12 04:10 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-12 04:10 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-12 04:09 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-12 04:09 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-12 04:09 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-12 04:09 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-12 04:09 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-12 04:09 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-12 04:09 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-12 04:09 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-12 04:09 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-12 04:09 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-12 04:09 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-12 04:09 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-12 04:09 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-12 04:09 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-12 04:09 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-12 04:09 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-12 04:08 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-12 04:08 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-12 04:08 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-12 04:08 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-12 04:08 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-12 04:08 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-12 04:08 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-12 04:06 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-12 04:06 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-12 04:06 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-12 04:06 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-12 04:06 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-12 04:06 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-12 04:06 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 04:06 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 04:06 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 04:06 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 04:06 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-12 04:06 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 04:06 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-12 04:06 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 04:06 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 04:06 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 04:06 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-12 04:06 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 04:06 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 04:06 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-12 04:06 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-12 04:06 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-12 04:06 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 04:06 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-12 04:06 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-12 04:06 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-12 04:06 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-12 04:06 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-12 04:06 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-12 04:06 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-12 04:06 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-12 04:06 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-12 04:06 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-12 04:06 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 04:06 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 04:06 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 04:06 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 04:06 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-12 04:06 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 04:06 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-12 04:06 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 04:06 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 04:06 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-12 04:06 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 04:06 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 04:06 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-12 04:06 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-12 04:06 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-12 04:06 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 04:06 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-12 04:06 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-12 04:06 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-12 04:06 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-12 04:05 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 04:05 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 04:05 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 04:05 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 04:05 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 04:05 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 04:05 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 04:05 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-12 04:05 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 04:05 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 04:05 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 04:05 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 04:05 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 04:05 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-12 04:05 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 04:05 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-12 04:05 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-12 04:05 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-12 04:05 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-12 04:05 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-12 04:05 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-12 04:05 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-12 04:05 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-12 04:05 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-12 04:05 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-12 04:05 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-12 04:05 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-12 04:05 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-12 04:05 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-12 04:05 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-12 04:05 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-12 04:05 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-12 04:05 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-12 04:05 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-12 04:05 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-12 04:05 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-12 04:05 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 04:05 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-12 04:05 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-12 04:05 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 04:05 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-12 04:05 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-12 04:05 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 19:22 - 2014-03-01 11:40 - 02036080 _____ () C:\Windows\WindowsUpdate.log 2014-12-12 19:04 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-12 19:01 - 2014-03-01 12:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-12 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-12 18:43 - 2014-03-09 10:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-12-12 18:43 - 2014-03-09 10:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-12-12 18:40 - 2013-09-06 05:08 - 00801992 _____ () C:\Windows\system32\perfh007.dat 2014-12-12 18:40 - 2013-09-06 05:08 - 00174994 _____ () C:\Windows\system32\perfc007.dat 2014-12-12 18:40 - 2013-08-26 07:09 - 01924576 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-12 18:37 - 2014-05-01 23:17 - 00000000 ___RD () C:\Users\Karin\Desktop\uni 2014-12-12 18:36 - 2014-03-01 11:50 - 00000000 ____D () C:\Users\Karin\Documents\Youcam 2014-12-12 18:35 - 2014-03-01 11:51 - 00000000 __RDO () C:\Users\Karin\SkyDrive 2014-12-12 18:33 - 2014-03-01 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-12 18:33 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-12 18:33 - 2013-08-22 15:44 - 00519712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-12 13:05 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-12-12 13:03 - 2014-03-04 11:22 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-12 13:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-12 13:01 - 2014-03-04 11:22 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-12 13:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-12-12 12:46 - 2014-03-01 12:43 - 00000000 ____D () C:\ProgramData\MFAData 2014-12-12 12:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-11 21:10 - 2014-03-05 22:36 - 01317376 ___SH () C:\Users\Karin\Desktop\Thumbs.db 2014-12-11 21:09 - 2014-03-01 12:15 - 00299008 ___SH () C:\Users\Karin\Downloads\Thumbs.db 2014-12-11 20:53 - 2014-03-01 11:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-909195022-2987603871-1801273306-1001 2014-12-11 00:49 - 2014-04-19 14:02 - 00000000 ____D () C:\Program Files (x86)\KaloMa 2014-12-10 00:01 - 2014-03-01 12:41 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-08 14:41 - 2014-03-01 11:48 - 00000000 ____D () C:\Users\Karin\AppData\Local\Packages 2014-12-08 14:29 - 2014-03-01 11:48 - 00000000 ____D () C:\Users\Karin 2014-12-07 23:08 - 2014-10-09 19:02 - 00000000 ____D () C:\Users\Karin\Desktop\HiWi 2014-12-07 22:58 - 2014-10-10 20:52 - 00008740 _____ () C:\Users\Karin\pspp.jnl 2014-12-05 11:17 - 2014-11-08 10:25 - 00000000 ____D () C:\Users\Karin\Desktop\kunstgeschichte 2014-12-04 15:33 - 2014-09-07 18:45 - 00000000 ____D () C:\Users\Rodzice 2014-12-02 23:03 - 2013-09-01 04:49 - 00000000 ____D () C:\SWSetup 2014-12-01 15:57 - 2014-10-20 23:14 - 00000000 ____D () C:\Users\Karin\Desktop\sse online 2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-24 13:15 - 2013-08-26 07:01 - 00057150 _____ () C:\Windows\PFRO.log 2014-11-23 14:14 - 2014-10-27 22:31 - 00000000 ____D () C:\Users\Karin\AppData\Local\gtk-2.0 2014-11-22 21:36 - 2014-07-23 20:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-16 14:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-11-16 14:14 - 2014-08-25 13:10 - 00000000 ___RD () C:\Users\Karin\Desktop\zdjecia 2014-11-16 13:21 - 2013-08-22 15:46 - 00048874 _____ () C:\Windows\setupact.log 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-13 19:13 - 2014-10-12 01:09 - 00001004 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-11-13 19:13 - 2014-03-31 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-11-12 23:19 - 2014-03-03 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VHB - EDA Some content of TEMP: ==================== C:\Users\Karin\AppData\Local\Temp\COMAP.EXE C:\Users\Karin\AppData\Local\Temp\EAD6DD8.exe C:\Users\Karin\AppData\Local\Temp\EAD9384.exe C:\Users\Karin\AppData\Local\Temp\Extract.exe C:\Users\Karin\AppData\Local\Temp\GdiPlus.dll C:\Users\Karin\AppData\Local\Temp\InstallerMessageBox.exe C:\Users\Karin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Karin\AppData\Local\Temp\NPSInstallerProxy.exe C:\Users\Karin\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll C:\Users\Karin\AppData\Local\Temp\SP63341.exe C:\Users\Karin\AppData\Local\Temp\SP63599.exe C:\Users\Karin\AppData\Local\Temp\SP63878.exe C:\Users\Karin\AppData\Local\Temp\sp64126.exe C:\Users\Karin\AppData\Local\Temp\SP64339.exe C:\Users\Karin\AppData\Local\Temp\SP64569.exe C:\Users\Karin\AppData\Local\Temp\SP64854.exe C:\Users\Karin\AppData\Local\Temp\SP64881.exe C:\Users\Karin\AppData\Local\Temp\SP65168.exe C:\Users\Karin\AppData\Local\Temp\SP65782.exe C:\Users\Karin\AppData\Local\Temp\SP65792.exe C:\Users\Karin\AppData\Local\Temp\SP65793.exe C:\Users\Karin\AppData\Local\Temp\SP65796.exe C:\Users\Karin\AppData\Local\Temp\SP65880.exe C:\Users\Karin\AppData\Local\Temp\SP66078.exe C:\Users\Karin\AppData\Local\Temp\SP66604.exe C:\Users\Karin\AppData\Local\Temp\UninstallEADM.dll C:\Users\Karin\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-08 14:38 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03 Ran by Karin at 2014-12-12 20:00:38 Running from C:\Users\Karin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{5A3BF213-01BC-E5A1-1D1B-EDE3167852AB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies) AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3201 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts) EDA - Filmdidaktik und Filmästhetik (HKLM-x32\...\{71BC00CD-1C04-45A5-B1A4-E34DE7925215}) (Version: 30173 - ) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Heroes of Might and Magic III - Złota Edycja (HKLM-x32\...\{2F95D723-72D2-425C-A238-367FF157B6EE}) (Version: 1.00 - Ubisoft) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{F5120027-B9BF-4A48-86E9-63F7F79A5263}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version: - Frank Böpple) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PSPP (HKLM-x32\...\PSPP) (Version: 0.8.4 - Free Software Foundation, Inc.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-10-2014 20:26:17 Windows Update 09-11-2014 19:45:39 HPSF Applying updates 13-11-2014 02:58:34 Windows Update 19-11-2014 11:57:48 Windows Update 26-11-2014 21:17:58 Windows Update 02-12-2014 21:53:03 HPSF Applying updates 12-12-2014 11:44:35 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {09AB4D44-60D5-4776-BCD8-4C2DE36B92A2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {1F588D0F-89CD-4DD1-96DD-6F38171AE066} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {26462625-46D5-42CC-B1B6-CEC61335E0FA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2FAAD61F-CF49-4D36-8F4A-61C5B03F9686} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {364F08CA-46A6-4419-9C07-9D891856AD51} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {37090FD8-4657-44B7-9867-DAAC38D04117} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.) Task: {46A2E811-4128-41E1-A6E6-A026EC87B347} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {7ADA3E4F-7A44-4832-851B-F8D64DAE646C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {7F18B84E-D078-41AD-9E9E-955A390A4C5F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {8F63F7A1-3057-4730-BF1A-DD436171B388} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {9AC7FCD2-9AB8-4669-8D05-DB4057BDF0E5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-12] (Microsoft Corporation) Task: {A8714DD2-5576-45CF-9862-640527A23596} - System32\Tasks\HPCeeScheduleForKarin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {C8821D3E-E83C-4E18-8391-814A138BA751} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {D69603DA-2F0D-44E9-9FAA-98530ED37670} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {DF3BD3B3-F966-4096-9FD8-3B86D27F558B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {E53DCB4B-309A-4925-9D40-48F994092622} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation) Task: {EB014E05-8CE2-40EE-8A7D-7E544AADE4D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation) Task: {F3400AAD-A3A8-4741-9091-626C5CBF27F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {F5569FFD-1E1C-4F8E-BE25-4CE1346A7B5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {F67254BD-B012-4CE6-BE78-737727A89DC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {FF939A77-FA90-4A04-8C85-7BBD940F4025} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForKarin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2014-07-23 20:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2013-09-05 20:18 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 14:48 - 2013-08-05 14:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-12-09 23:56 - 2014-12-09 23:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-05 20:01 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Karin\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-909195022-2987603871-1801273306-500 - Administrator - Disabled) Gast (S-1-5-21-909195022-2987603871-1801273306-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-909195022-2987603871-1801273306-1003 - Limited - Enabled) Karin (S-1-5-21-909195022-2987603871-1801273306-1001 - Administrator - Enabled) => C:\Users\Karin Rodzice (S-1-5-21-909195022-2987603871-1801273306-1004 - Limited - Enabled) => C:\Users\Rodzice ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/12/2014 07:58:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17d0 Startzeit: 01d0163ce86b04e0 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: dc020d72-8230-11e4-828b-a01d48d77da8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (12/12/2014 07:54:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e48 Startzeit: 01d0163c3c9aa3f3 Endzeit: 4294967295 Anwendungspfad: C:\Windows\system32\backgroundTaskHost.exe Berichts-ID: 333d8442-8230-11e4-828b-a01d48d77da8 Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (12/12/2014 10:50:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1970 Startzeit: 01d015f0f94e4d77 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 3bec9aed-81e4-11e4-828a-a01d48d77da8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (12/12/2014 10:49:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 38683766 Error: (12/12/2014 10:49:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 38683766 Error: (12/12/2014 10:49:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 03:05:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10810969 Error: (12/12/2014 03:05:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10810969 Error: (12/12/2014 03:05:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 03:05:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10808547 System errors: ============= Error: (12/12/2014 01:03:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3004394) Error: (12/12/2014 01:03:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB2989930) Error: (12/12/2014 01:03:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB2994290) Error: (12/04/2014 03:27:49 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 04.12.2014 um 12:45:07 unerwartet heruntergefahren. Error: (11/24/2014 11:38:19 PM) (Source: DCOM) (EventID: 10010) (User: KRYSTKOWIAK) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (11/24/2014 09:51:41 PM) (Source: DCOM) (EventID: 10001) (User: KRYSTKOWIAK) Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXcb57ts2w32xbpc7n3jqxbtnmr4q7xt2s.mca31App.AppXc8rycndk1ekkc9m3324j0ytqwzxe1mat.mcaNicht verfügbarNicht verfügbar Error: (11/24/2014 09:51:41 PM) (Source: DCOM) (EventID: 10001) (User: KRYSTKOWIAK) Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXcb57ts2w32xbpc7n3jqxbtnmr4q7xt2s.mca31App.AppXc8rycndk1ekkc9m3324j0ytqwzxe1mat.mcaNicht verfügbarNicht verfügbar Error: (11/24/2014 09:51:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error: (11/24/2014 01:15:32 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 24.11.2014 um 00:44:20 unerwartet heruntergefahren. Error: (11/21/2014 03:21:49 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (12/12/2014 07:58:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2068917d001d0163ce86b04e04294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exedc020d72-8230-11e4-828b-a01d48d77da8microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (12/12/2014 07:54:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384e4801d0163c3c9aa3f34294967295C:\Windows\system32\backgroundTaskHost.exe333d8442-8230-11e4-828b-a01d48d77da8Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (12/12/2014 10:50:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689197001d015f0f94e4d774294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe3bec9aed-81e4-11e4-828a-a01d48d77da8microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (12/12/2014 10:49:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 38683766 Error: (12/12/2014 10:49:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 38683766 Error: (12/12/2014 10:49:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 03:05:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10810969 Error: (12/12/2014 03:05:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10810969 Error: (12/12/2014 03:05:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 03:05:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10808547 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz Percentage of memory in use: 71% Total physical RAM: 4011.57 MB Available physical RAM: 1124.38 MB Total Pagefile: 10667.57 MB Available Pagefile: 8338.11 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:449.1 GB) (Free:343.72 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:15.89 GB) (Free:1.56 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 94763991) Partition: GPT Partition Type. ==================== End Of Log ============================ |
13.12.2014, 17:07 | #4 |
/// the machine /// TB-Ausbilder | Hotmail verschickt Spam Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
13.12.2014, 20:03 | #5 |
| Hotmail verschickt Spam Habe alles, wie beschrieben ,gemacht: Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.12.2014 Suchlauf-Zeit: 18:51:06 Logdatei: Malwarebytes Anti-Malware .txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.13.05 Rootkit Datenbank: v2014.12.08.03 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Karin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 370376 Verstrichene Zeit: 36 Min, 51 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 13/12/2014 um 19:37:39 # Aktualisiert 08/12/2014 von Xplode # Database : 2014-12-13.4 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Karin - KRYSTKOWIAK # Gestartet von : C:\Users\Karin\Downloads\AdwCleaner_4.105.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v34.0.5 (x86 de) ************************* AdwCleaner[R0].txt - [934 octets] - [13/12/2014 19:33:47] AdwCleaner[S0].txt - [810 octets] - [13/12/2014 19:37:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [869 octets] ########## Junkware Removal Tool Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 8.1 x64 Ran by Karin on 13.12.2014 at 19:51:06,80 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Karin\AppData\Roaming\mozilla\firefox\profiles\u42l5oxe.default\minidumps [18 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13.12.2014 at 19:57:26,71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014 Ran by Karin (administrator) on KRYSTKOWIAK on 13-12-2014 19:58:18 Running from C:\Users\Karin\Downloads Loaded Profile: Karin (Available profiles: Karin & Rodzice) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-27] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-909195022-2987603871-1801273306-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-909195022-2987603871-1801273306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-909195022-2987603871-1801273306-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 SearchScopes: HKLM -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-909195022-2987603871-1801273306-1001 -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-909195022-2987603871-1801273306-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\searchplugins\google-maps.xml FF Extension: Adblock Plus - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-03-25] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) U3 McAPExe; No ImagePath U3 McMPFSvc; No ImagePath U3 McNaiAnn; No ImagePath U3 mcpltsvc; No ImagePath U3 McProxy; No ImagePath U3 mfecore; No ImagePath U3 MSK80Service; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-13 19:58 - 2014-12-13 19:58 - 00000000 ____D () C:\Users\Karin\Downloads\FRST-OlderVersion 2014-12-13 19:57 - 2014-12-13 19:57 - 00000803 _____ () C:\Users\Karin\Desktop\JRT.txt 2014-12-13 19:51 - 2014-12-13 19:51 - 00000000 ____D () C:\Windows\ERUNT 2014-12-13 19:48 - 2014-12-13 19:48 - 01707646 _____ (Thisisu) C:\Users\Karin\Downloads\JRT.exe 2014-12-13 19:47 - 2014-12-13 19:47 - 00000948 _____ () C:\Users\Karin\Desktop\adwcleaner.txt 2014-12-13 19:32 - 2014-12-13 19:37 - 00000000 ____D () C:\AdwCleaner 2014-12-13 19:31 - 2014-12-13 19:31 - 02166272 _____ () C:\Users\Karin\Downloads\AdwCleaner_4.105.exe 2014-12-13 19:29 - 2014-12-13 19:29 - 00001211 _____ () C:\Users\Karin\Desktop\mbam.txt.txt 2014-12-13 18:50 - 2014-12-13 18:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-13 18:50 - 2014-12-13 18:50 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-13 18:50 - 2014-12-13 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-13 18:49 - 2014-12-13 18:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-13 18:49 - 2014-12-13 18:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-13 18:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-13 18:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-13 18:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-13 18:47 - 2014-12-13 18:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Karin\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-13 01:06 - 2014-12-13 01:06 - 00001504 _____ () C:\Users\Karin\Desktop\theofanis ernährungsplan mit ladetag 13.12.2014.klf 2014-12-12 20:00 - 2014-12-12 20:02 - 00028726 _____ () C:\Users\Karin\Downloads\Addition.txt 2014-12-12 19:57 - 2014-12-13 19:58 - 00017079 _____ () C:\Users\Karin\Downloads\FRST.txt 2014-12-12 19:57 - 2014-12-13 19:58 - 00000000 ____D () C:\FRST 2014-12-12 19:56 - 2014-12-13 19:58 - 02119168 _____ (Farbar) C:\Users\Karin\Downloads\FRST64.exe 2014-12-10 21:02 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-10 21:02 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-10 19:56 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 19:56 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 19:56 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 19:56 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 19:56 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 19:56 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 19:56 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 19:56 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 19:56 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 19:56 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 19:56 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 19:56 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-10 19:56 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 19:56 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 19:56 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 19:56 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-10 19:56 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 19:56 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-10 19:56 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 19:56 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 19:56 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 19:56 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 19:56 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 19:56 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 19:56 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-10 19:56 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 19:56 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 19:56 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-10 19:56 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 19:56 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-10 19:56 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 19:56 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 19:56 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 19:56 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 19:56 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 19:56 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 19:56 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 19:56 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 19:56 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 19:56 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 19:56 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 19:56 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-10 19:56 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-10 19:56 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-09 23:56 - 2014-12-09 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-08 14:39 - 2014-12-13 19:38 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForKarin.job 2014-12-08 14:39 - 2014-12-13 16:22 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarin 2014-12-07 22:58 - 2014-12-07 22:58 - 00008700 _____ () C:\Users\Karin\AppData\Local\recently-used.xbel 2014-12-07 21:38 - 2014-12-07 21:38 - 00000281 _____ () C:\Users\Karin\AppData\Local\psppirerc 2014-12-03 14:24 - 2014-12-03 14:24 - 00000000 ____D () C:\Users\Karin\Desktop\Christkindlesmarkt 2014 2014-11-27 12:33 - 2014-11-27 12:33 - 00000000 __SHD () C:\Users\Karin\AppData\Local\EmieBrowserModeList 2014-11-24 15:27 - 2014-11-24 15:27 - 00000724 _____ () C:\Users\Karin\Downloads\Desktop - Verknüpfung.lnk 2014-11-19 12:45 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 12:45 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 12:45 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 12:45 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-16 16:03 - 2014-12-11 00:49 - 00002126 _____ () C:\Users\Karin\Desktop\nnnn.klf 2014-11-14 10:23 - 2014-11-14 10:23 - 00000000 ____D () C:\Users\Karin\AppData\Local\Microsoft Help ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-13 19:58 - 2014-03-01 11:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-909195022-2987603871-1801273306-1001 2014-12-13 19:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-13 19:47 - 2014-03-01 11:50 - 00000000 ____D () C:\Users\Karin\Documents\Youcam 2014-12-13 19:46 - 2014-03-01 11:51 - 00000000 __RDO () C:\Users\Karin\SkyDrive 2014-12-13 19:45 - 2013-08-26 07:01 - 00058324 _____ () C:\Windows\PFRO.log 2014-12-13 19:45 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-13 19:38 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-12-13 19:01 - 2014-03-01 12:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-13 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-13 18:43 - 2014-03-01 11:40 - 01549731 _____ () C:\Windows\WindowsUpdate.log 2014-12-13 16:23 - 2014-03-01 12:43 - 00000000 ____D () C:\ProgramData\MFAData 2014-12-13 01:06 - 2014-04-19 14:02 - 00000000 ____D () C:\Program Files (x86)\KaloMa 2014-12-13 00:17 - 2014-10-20 23:14 - 00000000 ____D () C:\Users\Karin\Desktop\sse online 2014-12-12 19:04 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-12 18:43 - 2014-03-09 10:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-12-12 18:43 - 2014-03-09 10:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-12-12 18:40 - 2013-09-06 05:08 - 00801992 _____ () C:\Windows\system32\perfh007.dat 2014-12-12 18:40 - 2013-09-06 05:08 - 00174994 _____ () C:\Windows\system32\perfc007.dat 2014-12-12 18:40 - 2013-08-26 07:09 - 01924576 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-12 18:37 - 2014-05-01 23:17 - 00000000 ___RD () C:\Users\Karin\Desktop\uni 2014-12-12 18:33 - 2014-03-01 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-12 18:33 - 2013-08-22 15:44 - 00519712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-12 13:03 - 2014-03-04 11:22 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-12 13:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-12 13:01 - 2014-03-04 11:22 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-12 13:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-12-11 21:10 - 2014-03-05 22:36 - 01317376 ___SH () C:\Users\Karin\Desktop\Thumbs.db 2014-12-11 21:09 - 2014-03-01 12:15 - 00299008 ___SH () C:\Users\Karin\Downloads\Thumbs.db 2014-12-10 00:01 - 2014-03-01 12:41 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-08 14:41 - 2014-03-01 11:48 - 00000000 ____D () C:\Users\Karin\AppData\Local\Packages 2014-12-08 14:29 - 2014-03-01 11:48 - 00000000 ____D () C:\Users\Karin 2014-12-07 23:08 - 2014-10-09 19:02 - 00000000 ____D () C:\Users\Karin\Desktop\HiWi 2014-12-07 22:58 - 2014-10-10 20:52 - 00008740 _____ () C:\Users\Karin\pspp.jnl 2014-12-05 11:17 - 2014-11-08 10:25 - 00000000 ____D () C:\Users\Karin\Desktop\kunstgeschichte 2014-12-04 15:33 - 2014-09-07 18:45 - 00000000 ____D () C:\Users\Rodzice 2014-12-02 23:03 - 2013-09-01 04:49 - 00000000 ____D () C:\SWSetup 2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-23 14:14 - 2014-10-27 22:31 - 00000000 ____D () C:\Users\Karin\AppData\Local\gtk-2.0 2014-11-22 21:36 - 2014-07-23 20:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-16 14:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-11-16 14:14 - 2014-08-25 13:10 - 00000000 ___RD () C:\Users\Karin\Desktop\zdjecia 2014-11-16 13:21 - 2013-08-22 15:46 - 00048874 _____ () C:\Windows\setupact.log 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-14 11:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-13 19:13 - 2014-10-12 01:09 - 00001004 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-11-13 19:13 - 2014-03-31 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Some content of TEMP: ==================== C:\Users\Karin\AppData\Local\Temp\COMAP.EXE C:\Users\Karin\AppData\Local\Temp\EAD6DD8.exe C:\Users\Karin\AppData\Local\Temp\EAD9384.exe C:\Users\Karin\AppData\Local\Temp\Extract.exe C:\Users\Karin\AppData\Local\Temp\GdiPlus.dll C:\Users\Karin\AppData\Local\Temp\InstallerMessageBox.exe C:\Users\Karin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Karin\AppData\Local\Temp\NPSInstallerProxy.exe C:\Users\Karin\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll C:\Users\Karin\AppData\Local\Temp\Quarantine.exe C:\Users\Karin\AppData\Local\Temp\SP63341.exe C:\Users\Karin\AppData\Local\Temp\SP63599.exe C:\Users\Karin\AppData\Local\Temp\SP63878.exe C:\Users\Karin\AppData\Local\Temp\sp64126.exe C:\Users\Karin\AppData\Local\Temp\SP64339.exe C:\Users\Karin\AppData\Local\Temp\SP64569.exe C:\Users\Karin\AppData\Local\Temp\SP64854.exe C:\Users\Karin\AppData\Local\Temp\SP64881.exe C:\Users\Karin\AppData\Local\Temp\SP65168.exe C:\Users\Karin\AppData\Local\Temp\SP65782.exe C:\Users\Karin\AppData\Local\Temp\SP65792.exe C:\Users\Karin\AppData\Local\Temp\SP65793.exe C:\Users\Karin\AppData\Local\Temp\SP65796.exe C:\Users\Karin\AppData\Local\Temp\SP65880.exe C:\Users\Karin\AppData\Local\Temp\SP66078.exe C:\Users\Karin\AppData\Local\Temp\SP66604.exe C:\Users\Karin\AppData\Local\Temp\sqlite3.dll C:\Users\Karin\AppData\Local\Temp\UninstallEADM.dll C:\Users\Karin\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-08 14:38 ==================== End Of Log ============================ Schon mal vielen Dank im Voraus! |
14.12.2014, 14:01 | #6 |
/// the machine /// TB-Ausbilder | Hotmail verschickt SpamESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Hotmail verschickt Spam |
14.12.2014, 22:26 | #7 |
| Hotmail verschickt Spam So, erstmal das ESET Logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c4d04d04c5adb74085f251c8040b8165 # engine=21551 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-14 09:11:57 # local_time=2014-12-14 10:11:57 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='AVG AntiVirus Free Edition 2015' # compatibility_mode=1055 16777213 100 100 17892 105725501 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2630186 43472810 0 0 # scanned=58053 # found=0 # cleaned=0 # scan_time=1385 Bei Security Check habe ich ein Problem: Ich habe es runtergeladen, musste dann auf eine beliebige Taste drücken und dann stand da, dass mein Betriebssystem nicht unterstützt wird und das Programm deshalb keinen Scan ausführen kann. Was nun? |
15.12.2014, 19:36 | #8 |
/// the machine /// TB-Ausbilder | Hotmail verschickt Spam Mach einfach mit dem Rest weiter
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
15.12.2014, 21:26 | #9 |
| Hotmail verschickt SpamFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014 Ran by Karin (administrator) on KRYSTKOWIAK on 15-12-2014 21:20:31 Running from C:\Users\Karin\Downloads Loaded Profile: Karin (Available profiles: Karin) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-27] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-909195022-2987603871-1801273306-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-909195022-2987603871-1801273306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-909195022-2987603871-1801273306-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 SearchScopes: HKLM -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-909195022-2987603871-1801273306-1001 -> {96088B54-A627-45D4-AD07-2FB0771F6FBD} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-909195022-2987603871-1801273306-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\searchplugins\google-maps.xml FF Extension: Adblock Plus - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\u42l5oxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-03-25] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) U3 McAPExe; No ImagePath U3 McMPFSvc; No ImagePath U3 McNaiAnn; No ImagePath U3 mcpltsvc; No ImagePath U3 McProxy; No ImagePath U3 mfecore; No ImagePath U3 MSK80Service; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-14 21:34 - 2014-12-14 21:34 - 02347384 _____ (ESET) C:\Users\Karin\Downloads\esetsmartinstaller_deu.exe 2014-12-13 19:58 - 2014-12-13 19:58 - 00000000 ____D () C:\Users\Karin\Downloads\FRST-OlderVersion 2014-12-13 19:57 - 2014-12-13 19:57 - 00000803 _____ () C:\Users\Karin\Desktop\JRT.txt 2014-12-13 19:51 - 2014-12-13 19:51 - 00000000 ____D () C:\Windows\ERUNT 2014-12-13 19:48 - 2014-12-13 19:48 - 01707646 _____ (Thisisu) C:\Users\Karin\Downloads\JRT.exe 2014-12-13 19:47 - 2014-12-13 19:47 - 00000948 _____ () C:\Users\Karin\Desktop\adwcleaner.txt 2014-12-13 19:32 - 2014-12-13 19:37 - 00000000 ____D () C:\AdwCleaner 2014-12-13 19:31 - 2014-12-13 19:31 - 02166272 _____ () C:\Users\Karin\Downloads\AdwCleaner_4.105.exe 2014-12-13 19:29 - 2014-12-13 19:29 - 00001211 _____ () C:\Users\Karin\Desktop\mbam.txt.txt 2014-12-13 18:50 - 2014-12-13 18:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-13 18:50 - 2014-12-13 18:50 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-13 18:50 - 2014-12-13 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-13 18:49 - 2014-12-13 18:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-13 18:49 - 2014-12-13 18:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-13 18:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-13 18:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-13 18:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-13 18:47 - 2014-12-13 18:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Karin\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-13 01:06 - 2014-12-13 01:06 - 00001504 _____ () C:\Users\Karin\Desktop\theofanis ernährungsplan mit ladetag 13.12.2014.klf 2014-12-12 20:00 - 2014-12-12 20:02 - 00028726 _____ () C:\Users\Karin\Downloads\Addition.txt 2014-12-12 19:57 - 2014-12-15 21:20 - 00018176 _____ () C:\Users\Karin\Downloads\FRST.txt 2014-12-12 19:57 - 2014-12-15 21:20 - 00000000 ____D () C:\FRST 2014-12-12 19:56 - 2014-12-13 19:58 - 02119168 _____ (Farbar) C:\Users\Karin\Downloads\FRST64.exe 2014-12-10 21:02 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2014-12-10 21:02 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 21:02 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-10 21:02 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-10 21:02 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-10 21:02 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-12-10 19:56 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 19:56 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 19:56 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 19:56 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-10 19:56 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 19:56 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-10 19:56 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 19:56 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 19:56 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 19:56 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 19:56 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-10 19:56 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-10 19:56 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 19:56 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 19:56 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 19:56 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-10 19:56 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-10 19:56 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-10 19:56 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 19:56 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 19:56 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 19:56 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 19:56 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 19:56 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 19:56 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-10 19:56 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 19:56 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 19:56 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-10 19:56 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 19:56 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-10 19:56 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 19:56 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 19:56 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 19:56 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 19:56 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 19:56 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 19:56 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 19:56 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 19:56 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 19:56 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 19:56 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 19:56 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-10 19:56 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-10 19:56 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-09 23:56 - 2014-12-09 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-08 14:39 - 2014-12-15 21:09 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarin 2014-12-08 14:39 - 2014-12-15 21:09 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForKarin.job 2014-12-07 22:58 - 2014-12-07 22:58 - 00008700 _____ () C:\Users\Karin\AppData\Local\recently-used.xbel 2014-12-07 21:38 - 2014-12-07 21:38 - 00000281 _____ () C:\Users\Karin\AppData\Local\psppirerc 2014-12-03 14:24 - 2014-12-03 14:24 - 00000000 ____D () C:\Users\Karin\Desktop\Christkindlesmarkt 2014 2014-11-27 12:33 - 2014-11-27 12:33 - 00000000 __SHD () C:\Users\Karin\AppData\Local\EmieBrowserModeList 2014-11-24 15:27 - 2014-11-24 15:27 - 00000724 _____ () C:\Users\Karin\Downloads\Desktop - Verknüpfung.lnk 2014-11-19 12:45 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 12:45 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 12:45 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 12:45 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-16 16:03 - 2014-12-11 00:49 - 00002126 _____ () C:\Users\Karin\Desktop\nnnn.klf ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-15 21:18 - 2014-03-01 11:51 - 00000000 ___DO () C:\Users\Karin\SkyDrive 2014-12-15 21:15 - 2014-11-08 10:25 - 00000000 ____D () C:\Users\Karin\Desktop\kunstgeschichte 2014-12-15 21:14 - 2014-03-01 12:15 - 00299008 ___SH () C:\Users\Karin\Downloads\Thumbs.db 2014-12-15 21:09 - 2014-03-01 12:43 - 00000000 ____D () C:\ProgramData\MFAData 2014-12-15 21:08 - 2014-03-01 11:40 - 01091281 _____ () C:\Windows\WindowsUpdate.log 2014-12-15 21:05 - 2014-03-01 11:50 - 00000000 ____D () C:\Users\Karin\Documents\Youcam 2014-12-15 21:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-14 22:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-14 22:38 - 2014-09-07 18:45 - 00000000 ____D () C:\Users\Rodzice 2014-12-14 22:31 - 2013-08-26 07:01 - 00059158 _____ () C:\Windows\PFRO.log 2014-12-14 22:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-14 22:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-12-14 22:01 - 2014-03-01 12:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-14 21:43 - 2013-09-06 05:08 - 00801992 _____ () C:\Windows\system32\perfh007.dat 2014-12-14 21:43 - 2013-09-06 05:08 - 00174994 _____ () C:\Windows\system32\perfc007.dat 2014-12-14 21:43 - 2013-08-26 07:09 - 01924576 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-14 17:31 - 2014-03-01 11:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-909195022-2987603871-1801273306-1001 2014-12-14 17:15 - 2014-03-09 10:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-12-14 17:15 - 2014-03-09 10:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-12-13 22:43 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-13 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-13 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-13 20:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-12-13 01:06 - 2014-04-19 14:02 - 00000000 ____D () C:\Program Files (x86)\KaloMa 2014-12-13 00:17 - 2014-10-20 23:14 - 00000000 ____D () C:\Users\Karin\Desktop\sse online 2014-12-12 18:37 - 2014-05-01 23:17 - 00000000 ___RD () C:\Users\Karin\Desktop\uni 2014-12-12 18:33 - 2014-03-01 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-12 18:33 - 2013-08-22 15:44 - 00519712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-12 13:03 - 2014-03-04 11:22 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-12 13:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-12 13:01 - 2014-03-04 11:22 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-12 13:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-12-11 21:10 - 2014-03-05 22:36 - 01317376 ___SH () C:\Users\Karin\Desktop\Thumbs.db 2014-12-10 00:01 - 2014-03-01 12:41 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-08 14:41 - 2014-03-01 11:48 - 00000000 ____D () C:\Users\Karin\AppData\Local\Packages 2014-12-08 14:29 - 2014-03-01 11:48 - 00000000 ____D () C:\Users\Karin 2014-12-07 23:08 - 2014-10-09 19:02 - 00000000 ____D () C:\Users\Karin\Desktop\HiWi 2014-12-07 22:58 - 2014-10-10 20:52 - 00008740 _____ () C:\Users\Karin\pspp.jnl 2014-12-02 23:03 - 2013-09-01 04:49 - 00000000 ____D () C:\SWSetup 2014-11-26 22:10 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 22:10 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-23 14:14 - 2014-10-27 22:31 - 00000000 ____D () C:\Users\Karin\AppData\Local\gtk-2.0 2014-11-22 21:36 - 2014-07-23 20:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-16 14:14 - 2014-08-25 13:10 - 00000000 ___RD () C:\Users\Karin\Desktop\zdjecia 2014-11-16 13:21 - 2013-08-22 15:46 - 00048874 _____ () C:\Windows\setupact.log Some content of TEMP: ==================== C:\Users\Karin\AppData\Local\Temp\COMAP.EXE C:\Users\Karin\AppData\Local\Temp\EAD6DD8.exe C:\Users\Karin\AppData\Local\Temp\EAD9384.exe C:\Users\Karin\AppData\Local\Temp\Extract.exe C:\Users\Karin\AppData\Local\Temp\GdiPlus.dll C:\Users\Karin\AppData\Local\Temp\InstallerMessageBox.exe C:\Users\Karin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Karin\AppData\Local\Temp\NPSInstallerProxy.exe C:\Users\Karin\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll C:\Users\Karin\AppData\Local\Temp\Quarantine.exe C:\Users\Karin\AppData\Local\Temp\SP63341.exe C:\Users\Karin\AppData\Local\Temp\SP63599.exe C:\Users\Karin\AppData\Local\Temp\SP63878.exe C:\Users\Karin\AppData\Local\Temp\sp64126.exe C:\Users\Karin\AppData\Local\Temp\SP64339.exe C:\Users\Karin\AppData\Local\Temp\SP64569.exe C:\Users\Karin\AppData\Local\Temp\SP64854.exe C:\Users\Karin\AppData\Local\Temp\SP64881.exe C:\Users\Karin\AppData\Local\Temp\SP65168.exe C:\Users\Karin\AppData\Local\Temp\SP65782.exe C:\Users\Karin\AppData\Local\Temp\SP65792.exe C:\Users\Karin\AppData\Local\Temp\SP65793.exe C:\Users\Karin\AppData\Local\Temp\SP65796.exe C:\Users\Karin\AppData\Local\Temp\SP65880.exe C:\Users\Karin\AppData\Local\Temp\SP66078.exe C:\Users\Karin\AppData\Local\Temp\SP66604.exe C:\Users\Karin\AppData\Local\Temp\sqlite3.dll C:\Users\Karin\AppData\Local\Temp\UninstallEADM.dll C:\Users\Karin\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-13 20:10 ==================== End Of Log ============================ So, das wäre das Letzte. Wie sieht es eigentlich bisher aus? |
16.12.2014, 20:59 | #10 |
/// the machine /// TB-Ausbilder | Hotmail verschickt Spam Passwort vom Mail Account ändern. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
17.12.2014, 14:38 | #11 |
| Hotmail verschickt Spam Erstmal danke für die ganzen Tipps! Hab mir einiges runtergeladen und werde es sicher in Zukunft anwenden. Automatische Windows Updates habe ich schon seit Anfang an. Ich hätte jetzt noch zwei Fragen, dann bist du mich los 1. Gab es irgendeinen Trojaner bei mir? Bzw. was verursacht jetzt dieses Verschicken der Mails? Du sagst ich soll noch mein Passwort ändern: Soll ich es an meinem Laptop machen oder lieber an einem anderen PC? Das Problem ist auch noch, dass das Ändern von Passwörtern bei Hotmail sehr lange dauern, da müssen erst irgendwie 30 Tage vergehen, bis man was machen kann usw., ich habe das ja vor einiger Zeit bereits gemacht, aber hat ja wenig geholfen. Vielleicht lag es daran, dass ich es nicht an einem anderem PC gemacht habe? 2. Zum Thema Anti-Viren-Software: Ich nutze im Moment die kostenlose Version von AVG. Ich würde mir die Vollversion kaufen, da ja dabei steht, dass es da auch einen Schutz vor Malware gibt. Ist AVG da gut wenn es um Malware geht? Sorry, habe da eigentlich gar keine Ahnung bzw. Erfahrung. Danke schon mal im Voraus! |
17.12.2014, 21:00 | #12 |
/// the machine /// TB-Ausbilder | Hotmail verschickt Spam AVG kenne ich nicht genau. Ich empfehle immer Emsisoft Passwort von diesem Rechner ändern, das is kein problem. Das Passwort kann man nur alle 30 Tage ändern? Wäre für mich nen Grund den Anbieter zu wechseln. Da war nur bissl Adware drauf.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
18.12.2014, 01:25 | #13 |
| Hotmail verschickt Spam Sorry, hab mich vertan bei den Passwörtern, bei den 30 Tagen handelte es sich um was anderes Außerdem brauch ich den Anbieter, da ich ja Windows 8 habe.. Na gut, ich hoffe dann, dass das Problem nicht mehr auftreten wird. Vielen vielen Dank nochmal für die Hilfe und Unterstützung! Ahja noch was Ich habe die Hotmail-App auch auf dem Handy. Kann es sein, dass von da irgendwas gehackt wurde oder so? Geändert von needinghelp (18.12.2014 um 01:30 Uhr) |
18.12.2014, 21:01 | #14 | |
/// the machine /// TB-Ausbilder | Hotmail verschickt SpamZitat:
Hack ist warscheinlich, deswegen ja die PW Änderung?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.12.2014, 11:06 | #15 |
| Hotmail verschickt Spam Man musste ja bei Beginn ein Konto erstellen. Aber ich hatte schon davor Hotmail, daher war das für mich kein Problem und seit vier Jahren gab es ja damit nie Problem, bis dato. Wenn man sich jetzt eine Vollversion von einem Anti-Virus-Programm kauft, darf ich dann das Programm Malwarebytes, Spyware Blaster oder Winpatrol installiert haben? Werden sich die Programme mit dem Anti-Virus-Programm nicht gegenseitig stören? Weil du da vor gemeint hast, man sollte nur eins immer haben. Sorry, falls das eine blöde Frage ist, aber will nichts falsch machen. |
Themen zu Hotmail verschickt Spam |
adressen, ahnung, angemeldet, automatisch, enthalten, forum, hilfe!, hotmail, hotmail msn links verschicken automatisch, lieben, link, mail, mails, monate, nichts, passwort, problem, ratlos, sache, sachen, sorge, spam, spammails von meinem konto, trojaner, trojanern, verschickt, vorgehen |