Log analysis and evaluation: Windows 8 _ Internet loads very slowly or not at all!

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Windows 8 _ Internet loads very slowly or not at all!

Hello dear all, I am new here and not very experienced, but I have tried to carry out all the initial steps as well as I could. For a few days now the Internet has suddenly been noticeably slow, and pages take a very long time to load or are not loaded at all. I will now try to post the "logs", if I have understood that correctly. Attached: Defogger, FRST and the Malwarebytes logs. Unfortunately GMER did not work; I got two messages, which read as follows:

C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Gmer-19357.exe funktioniert nicht mehr: Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtig, wenn eine Lösung verfügbar ist.

(I deactivated the virus scan and disconnected the Internet, as described.) What I have not yet figured out: where do I find the Avast Antivirus logs? Quite a few things were found there yesterday.

Kind regards and thank you in advance for the help!
Christine

DEFOGGER:

defogger_disable by jpshortstuff (
Log created at 17:04 on 26/03/2015 (Christine K)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Christine (administrator) on CHRISTINE on 26-03-2015 17:11:05 Running from C:\Users\Christine\Desktop Loaded Profiles: UpdatusUser & Christine(Available profiles: UpdatusUser & Christine K) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe () C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe\glcnd.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.) 
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Alcatel Limo ModemListener] => C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe [125504 2012-03-23] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-23] (Avast Software s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [AppLauncher] => C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe [969656 2012-08-10] (Ashampoo) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [Power2GoExpress8] => NA HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\MountPoints2: {0a75eed9-0cc3-11e3-be99-d697da080bb1} - "F:\AutoRun.exe" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1511792 2013-03-28] 
(Samsung) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\MountPoints2: {0a75eed9-0cc3-11e3-be99-d697da080bb1} - "F:\AutoRun.exe" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\MountPoints2: {42bdaa0b-56b8-11e3-bea6-6036dd183e6c} - "F:\autorun.exe" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\MountPoints2: {66d5e4ec-6354-11e3-beae-6036dd183e6c} - "F:\Startme.exe" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\MountPoints2: {d98561e0-546d-11e4-bed8-00a0c6000000} - "F:\LaunchU3.exe" -a HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation) AppInit_DLLs: C:\ProgramData\Fast And => C:\ProgramData\Fast And File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203112 2012-10-11] (NVIDIA Corporation) AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-4175245928-530565587-4270067117-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com SearchScopes: HKU\S-1-5-21-4175245928-530565587-4270067117-1001 -> {7AE84D7C-9652-46BF-A616-E9EBF6D14146} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=96b342b4000000000000161a3c841caa&r=812 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-09] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-23] (Avast Software s.r.o.) 
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-09] (Microsoft Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-02-19] (DVDVideoSoft Ltd.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-02-19] (DVDVideoSoft Ltd.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-10-24] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-03] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-03] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF SearchPlugin: C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\searchplugins\google-images.xml [2015-03-26] FF SearchPlugin: C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\searchplugins\google-maps.xml [2015-03-26] FF Extension: Cliqz Beta - C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\Extensions\cliqz@cliqz.com [2015-03-26] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-12] FF HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\extensions\cliqz@cliqz.com Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Google Docs) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10] CHR Extension: (Google Drive) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10] CHR Extension: (YouTube) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10] CHR Extension: (Google Search) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10] CHR Extension: (Avast Online Security) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-10] CHR Extension: (Google Wallet) - 
C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10] CHR Extension: (Gmail) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Alcatel Limo Modem Device Helper; C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe [53312 2012-03-14] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-17] (Avast Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation) R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 
2012-10-19] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AlcatelOTnet; C:\Windows\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-23] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-23] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-23] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-23] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-23] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-23] () R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.) 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-11-14] (ITE ) S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-17] (Avast Software) R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-26 17:11 - 2015-03-26 17:11 - 00021668 _____ () C:\Users\Christine K\Desktop\FRST.txt 2015-03-26 17:10 - 2015-03-26 17:11 - 00000000 ____D () C:\FRST 2015-03-26 17:07 - 2015-03-26 17:10 - 02095616 _____ (Farbar) C:\Users\Christine K\Desktop\FRST64.exe 2015-03-26 17:04 - 2015-03-26 17:04 - 00050477 _____ () C:\Users\Christine K\Desktop\Defogger.exe 2015-03-26 17:04 - 2015-03-26 17:04 - 00000494 _____ () C:\Users\Christine K\Desktop\defogger_disable.log 2015-03-26 17:04 - 2015-03-26 17:04 - 00000000 _____ () C:\Users\Christine K\defogger_reenable 2015-03-26 15:12 - 2015-03-26 15:12 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-26 15:09 - 2015-03-26 15:12 - 02347384 _____ (ESET) C:\Users\Christine K\Downloads\esetsmartinstaller_deu.exe 2015-03-26 15:04 - 2015-03-26 15:04 - 00000000 ____D () C:\Users\Christine K\AppData\Roaming\Cliqz 2015-03-26 15:04 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2015-03-26 15:04 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2015-03-26 14:24 - 2015-03-26 14:24 - 00000000 ____D () C:\Users\Christine K\Desktop\Alte Firefox-Daten 2015-03-26 00:29 - 2015-03-26 15:06 - 00002168 _____ () C:\Users\Christine K\Desktop\Trojan Remover - CHIP Downloader.lnk 2015-03-25 20:18 - 2015-03-25 20:22 - 01203488 _____ () C:\Users\Christine K\Downloads\Trojan Remover - CHIP-Installer.exe 2015-03-25 19:37 - 2015-03-25 19:37 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-25 10:43 - 2015-03-25 10:45 - 00000000 ____D () C:\Users\Christine K\Desktop\zu sortieren 2015-03-24 14:01 - 2015-03-24 14:01 - 00000000 ____D () C:\Users\Christine K\Desktop\Ich bin 2015-03-24 13:53 - 2015-03-24 21:00 - 00000000 ____D () C:\Users\Christine K\Desktop\Über die Liebe 2015-03-24 13:41 - 2015-03-24 13:43 - 00000000 ____D () C:\Users\Christine K\Desktop\Bilder ohne Worte 2015-03-23 20:29 - 2015-03-23 20:29 - 00364472 _____ (Avast Software s.r.o.) 
C:\Windows\system32\aswBoot.exe 2015-03-23 20:29 - 2015-03-23 20:29 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-03-23 15:20 - 2015-03-23 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-19 20:29 - 2015-03-19 20:29 - 04083631 _____ () C:\Users\Christine K\Downloads\Gespräch Nusser Christine.3ga 2015-03-19 20:28 - 2015-03-19 20:28 - 03268070 _____ () C:\Users\Christine K\Downloads\Eric.3ga 2015-03-19 19:29 - 2015-03-19 19:29 - 00000000 ____D () C:\Users\Christine K\Documents\Mein Weg in die Selbstständigkeit 2015-03-03 20:37 - 2015-03-03 20:39 - 76313280 _____ (Adobe Systems Incorporated) C:\Users\Christine K\Downloads\AdbeRdr11010_de_DE.exe 2015-03-03 20:36 - 2015-03-03 20:40 - 00000000 ____D () C:\Users\Christine K\AppData\Local\Adobe 2015-03-03 10:17 - 2015-03-03 10:18 - 00000197 _____ () C:\Windows\system32\2015-03-03-09-17-48.042-AvastVBoxSVC.exe-2360.log 2015-03-02 14:22 - 2015-03-25 00:22 - 00000000 ____D () C:\Users\Christine K\Desktop\Botschaften 2015-03-02 13:54 - 2015-03-02 13:55 - 00000197 _____ () C:\Windows\system32\2015-03-02-12-54-22.035-AvastVBoxSVC.exe-2208.log 2015-03-02 13:47 - 2015-03-02 13:49 - 00000197 _____ () C:\Windows\system32\2015-03-02-12-47-30.099-AvastVBoxSVC.exe-2180.log 2015-02-28 18:02 - 2015-02-28 18:03 - 00000000 ____D () C:\Users\Christine K\Documents\Rezepte 2015-02-28 14:37 - 2015-02-28 14:40 - 00000197 _____ () C:\Windows\system32\2015-02-28-13-37-29.039-AvastVBoxSVC.exe-3352.log 2015-02-27 21:13 - 2015-02-27 21:16 - 00000197 _____ () C:\Windows\system32\2015-02-27-20-13-57.094-AvastVBoxSVC.exe-3152.log 2015-02-27 21:08 - 2015-02-27 21:08 - 00000197 _____ () C:\Windows\system32\2015-02-27-20-08-06.098-AvastVBoxSVC.exe-3528.log 2015-02-27 20:53 - 2015-02-27 20:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-19-53-04.038-AvastVBoxSVC.exe-3488.log 2015-02-25 15:30 - 2015-02-25 15:31 - 00000197 _____ () C:\Windows\system32\2015-02-25-14-30-58.077-AvastVBoxSVC.exe-3224.log 
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-26 17:09 - 2014-11-23 11:24 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-26 17:04 - 2013-01-17 20:05 - 00000000 ____D () C:\Users\Christine K 2015-03-26 16:30 - 2013-01-17 20:05 - 02077791 _____ () C:\Windows\WindowsUpdate.log 2015-03-26 16:10 - 2014-08-24 11:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-26 16:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2015-03-26 15:01 - 2012-11-14 06:45 - 00754172 _____ () C:\Windows\system32\perfh007.dat 2015-03-26 15:01 - 2012-11-14 06:45 - 00156362 _____ () C:\Windows\system32\perfc007.dat 2015-03-26 15:01 - 2012-07-26 08:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-26 14:41 - 2013-01-20 11:22 - 00000667 _____ () C:\Users\Christine K\Desktop\Antenne Kärnten Livestream.website 2015-03-26 14:21 - 2013-01-17 20:08 - 00000000 ____D () C:\Users\Christine K\Documents\Youcam 2015-03-26 14:20 - 2014-11-23 11:24 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-26 00:01 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-25 20:00 - 2012-11-14 05:59 - 00231898 _____ () C:\Windows\PFRO.log 2015-03-25 20:00 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-03-25 19:37 - 2014-08-24 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-25 19:37 - 2014-08-24 11:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-24 21:45 - 2014-01-27 10:31 - 00000000 ____D () C:\Users\Christine K\Documents\Gesundheit 2015-03-24 15:34 - 2013-02-11 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-24 14:45 - 2013-12-19 12:54 - 02017792 ___SH () C:\Users\Christine K\Desktop\Thumbs.db 2015-03-23 
22:03 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-03-23 20:29 - 2014-11-22 13:34 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-03-23 20:29 - 2014-07-09 14:42 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-03-23 20:29 - 2014-07-09 14:42 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-23 20:29 - 2013-04-02 20:04 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-23 20:29 - 2013-04-02 20:04 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-23 20:29 - 2013-02-12 20:24 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-23 20:29 - 2013-02-12 20:24 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-03-23 20:29 - 2013-02-12 20:23 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-23 20:28 - 2013-02-12 20:23 - 01047320 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswSnx.sys 2015-03-23 15:11 - 2014-11-23 11:26 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-18 11:29 - 2013-03-23 17:18 - 00069632 ___SH () C:\Users\Christine K\Downloads\Thumbs.db 2015-03-18 09:31 - 2013-11-26 22:29 - 00000000 ____D () C:\Users\Christine K\Documents\Berufliches 2015-03-17 18:05 - 2013-08-31 12:24 - 00000000 ____D () C:\Users\Christine K\Documents\Energetik 2015-03-17 06:15 - 2014-08-24 11:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 06:15 - 2014-08-24 11:13 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 06:15 - 2014-08-24 11:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-09 22:26 - 2013-11-25 22:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-09 22:23 - 2013-02-26 20:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-03-09 21:58 - 2014-12-19 19:46 - 00013312 ___SH () C:\Users\Christine K\Documents\Thumbs.db 2015-02-28 14:40 - 2015-02-14 19:41 - 00000000 ____D () C:\Users\Christine K\Desktop\Öle Reklamation Herr Kühni Bilder 2015-02-26 19:38 - 2014-01-27 09:49 - 00000000 ____D () C:\Users\Christine K\Documents\AMS ==================== Files in the root of some directories ======= 2014-05-23 15:33 - 2014-08-24 10:34 - 0000097 _____ () C:\Users\Christine K\AppData\Roaming\WB.CFG 2013-02-12 19:12 - 2013-02-12 19:12 - 0009554 _____ () C:\Users\Christine K\AppData\Local\recently-used.xbel 2012-11-14 09:19 - 2012-11-14 09:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Christine K\AppData\Local\Temp\6_Offer_11.exe C:\Users\Christine K\AppData\Local\Temp\COMAP.EXE C:\Users\Christine K\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Christine K\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Christine K\AppData\Local\Temp\FreeStudio.exe C:\Users\Christine 
K\AppData\Local\Temp\OfficeSetup.exe C:\Users\Christine K\AppData\Local\Temp\optprosetup.exe C:\Users\Christine K\AppData\Local\Temp\Quarantine.exe C:\Users\Christine K\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Christine K\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Christine K\AppData\Local\Temp\SkypeSetup.exe C:\Users\Christine K\AppData\Local\Temp\vcredist_x86.exe C:\Users\Christine K\AppData\Local\Temp\_is9AF8.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 11:13 ==================== End Of Log ============================ ADDITIONFRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Christine K at 2015-03-26 17:17:00 Running from C:\Users\Christine K\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated) Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software) CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.68 - CLIQZ.com) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.) CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) CyberLink PowerDirector (Version: - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: - CyberLink Corp.) CyberLink PowerRecover (Version: - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Studio version (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to DVD Converter version (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: - DVDVideoSoft Ltd.) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: - Google Inc.) Hidden Google Update Helper (x32 Version: - Google Inc.) 
Hidden INet (HKLM-x32\...\Alcatel Limo INet_is1) (Version: - Alcatel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation) Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation) Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion) Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) 
Hidden Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) 
(Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla) MyFreeCodec (HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\MyFreeCodec) (Version: - ) Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1031}) (Version: 7.02.6445 - Nero AG) NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver 
(HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: - SAMSUNG Electronics Co., Ltd.) Serif PhotoPlus X4 (HKLM-x32\...\{AFA3224E-8AD6-4EFA-9DBA-A2E499F30282}) (Version: - Serif (Europe) Ltd) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - Synaptics Incorporated) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 
2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 03-03-2015 17:26:22 Geplanter Prüfpunkt 15-03-2015 16:04:52 Geplanter Prüfpunkt 17-03-2015 16:32:32 avast! antivirus system restore point 23-03-2015 20:26:59 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {0E22486E-BD76-4AB8-82D9-FF0499C69DC1} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {13EC81F6-39DB-4D41-8361-E0E2A5B1FD5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.) Task: {5E4D3901-C47F-495E-8771-679433B59FF6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-05] (Synaptics Incorporated) Task: {7D0A15EE-44AB-43ED-9ADD-57A58CE28BF3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-09] (Microsoft Corporation) Task: {91A490A9-5E51-4B17-B776-5454C5597F2A} - System32\Tasks\{B18CDD16-41A6-434D-BA05-D6C2DCFC3B77} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: {B677D670-3A21-403B-A8A0-4959FB1F0934} - System32\Tasks\{D10111CA-AA61-4DA3-AC01-0AD09298835E} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: {BC1ECBC6-6527-412D-86C4-66AAD2E1A099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {C54C63EA-8879-4F42-904A-3BC344E56201} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-23] (Avast Software s.r.o.) Task: {E8E2F775-6C86-4753-A8BA-F60628E92550} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.) 
Task: {F6AC475F-6A16-4F59-85E0-3E79A0BF6EDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {FDCFC2B3-C149-4CA9-B711-BC94CEE5068A} - System32\Tasks\{EA164A1F-A2B5-470A-A8CD-21DB698174F9} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-11-26 18:19 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe 2014-04-18 11:48 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-11-14 08:45 - 2012-10-19 12:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2012-11-14 09:03 - 2012-10-22 18:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-11-26 18:19 - 2012-03-23 09:25 - 00125504 _____ () C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe 2015-03-23 20:29 - 2015-03-23 20:29 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-23 20:29 - 2015-03-23 20:29 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-03-25 20:52 - 2015-03-25 20:52 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032501\algo.dll 2015-03-26 15:08 - 2015-03-26 15:08 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032600\algo.dll 2014-10-27 22:54 - 2014-10-27 22:54 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e5fff0dbaa6ea962dc3bd611929ad347\PSIClient.ni.dll 2012-11-14 09:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-03-17 16:35 - 2015-03-17 16:35 - 
40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_0favicon1641131783 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_1favicon-636825232 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_2favicon-2027343776 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_3favicon354031438 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_4favicon1129091835 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Christine K\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg DNS Servers: ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "KiesPreload" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "KiesAirMessage" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "Skype" ==================== Accounts: ============================= Administrator (S-1-5-21-4175245928-530565587-4270067117-500 - Administrator - Disabled) Christine K (S-1-5-21-4175245928-530565587-4270067117-1002 - Administrator - Enabled) => C:\Users\Christine K Gast (S-1-5-21-4175245928-530565587-4270067117-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4175245928-530565587-4270067117-1004 - Limited - Enabled) UpdatusUser (S-1-5-21-4175245928-530565587-4270067117-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/26/2015 05:05:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (03/26/2015 03:48:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (03/26/2015 03:04:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version:, Zeitstempel: 0x550d0883 Name des fehlerhaften Moduls: mozalloc.dll, Version:, Zeitstempel: 0x550cfa82 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x1088 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (03/26/2015 02:29:55 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (03/25/2015 04:31:27 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (03/25/2015 10:31:01 AM) (Source: Customer Experience Improvement 
Program) (EventID: 1008) (User: ) Description: 80070005 Error: (03/24/2015 08:12:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CLMSServer.exe, Version:, Zeitstempel: 0x4d9440c5 Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000020 ID des fehlerhaften Prozesses: 0x50c Startzeit der fehlerhaften Anwendung: 0xCLMSServer.exe0 Pfad der fehlerhaften Anwendung: CLMSServer.exe1 Pfad des fehlerhaften Moduls: CLMSServer.exe2 Berichtskennung: CLMSServer.exe3 Vollständiger Name des fehlerhaften Pakets: CLMSServer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CLMSServer.exe5 Error: (03/24/2015 03:41:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version:, Zeitstempel: 0x550d0883 Name des fehlerhaften Moduls: mozalloc.dll, Version:, Zeitstempel: 0x550cfa82 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x15f8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (03/24/2015 01:41:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (03/24/2015 11:38:00 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 System errors: ============= Error: (03/25/2015 11:59:40 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. 
Error: (03/25/2015 11:59:40 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (03/25/2015 09:49:46 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (03/25/2015 08:00:15 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (03/25/2015 05:28:42 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (03/24/2015 08:12:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/24/2015 03:40:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error: (03/24/2015 03:34:24 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (03/23/2015 07:55:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/19/2015 09:26:16 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Microsoft Office Sessions: ========================= Error: (10/30/2014 04:56:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 281 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (10/29/2014 01:09:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2216 seconds with 840 seconds of active time. This session ended with a crash. Error: (10/23/2014 02:30:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/23/2014 02:28:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 44 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/20/2014 11:15:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 87029 seconds with 420 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 27% Total physical RAM: 8070.57 MB Available physical RAM: 5812.63 MB Total Pagefile: 9286.57 MB Available Pagefile: 6845.53 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:533.91 GB) NTFS Drive d: (Recover) (Fixed) (Total:60 GB) (Free:40.8 GB) NTFS Drive f: (AMS 2GB) (Removable) (Total:1.94 GB) (Free:0.84 GB) FAT Drive g: (CHRISSI) (Removable) (Total:3.91 GB) (Free:2.8 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 462A80D0) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00851584) Partition 1: (Active) - (Size=1.9 GB) - (Type=06) ======================================================== Disk: 2 (Size: 3.9 GB) (Disk ID: C6FF3978) Partition 1: (Not Active) - (Size=3.9 GB) - (Type=0B) ==================== End Of Log ============================ |
#2
/// TB-Ausbilder | Windows 8 _ Internet loads very slowly or not at all!
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation!
Scan with Combofix
#3
Windows 8 _ Internet loads very slowly or not at all!
Hello dear Matthias
Now I'm a bit confused. Should I now basically post the logs from:
Step 1: Disable drive emulation with Defogger
Step 2: System scan with FRST
Step 3: Scan with GMER
Step 4: Log files from Malwarebytes Anti-Malware
in separate CODE tags, then run AdwCleaner and send it, and after that run Combofix.exe and send it? Is that the correct order? Sorry, I'm a bit overwhelmed right now... (head already so full). Thanks for your patience! Best regards, Christine
#4
/// TB-Ausbilder | Windows 8 _ Internet loads very slowly or not at all!
No, that is not correct. In my last post I only wrote about ComboFix, nothing else... no idea what you are reading into it...
#5
Windows 8 _ Internet loads very slowly or not at all!
Code:
Combofix Logfile:
I hope it's right like this now. Warm regards, Christine
#6
/// TB-Ausbilder | Windows 8 _ Internet loads very slowly or not at all!
Step 1
Please download
Step 2
Please download
Step 3
Please shut down your security software to avoid possible conflicts.
Step 4
Please post with your next reply
#7
Windows 8 _ Internet loads very slowly or not at all!
Code:
# AdwCleaner v4.113 - Bericht erstellt 27/03/2015 um 19:34:38
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-27.1 [Server]
# Betriebssystem : Windows 8 (x64)
# Benutzername : Christine K - CHRISTINE
# Gestarted von : C:\Users\Christine K\Desktop\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Users\Christine K\AppData\LocalLow\WeatherBlinkEI
Ordner Gelöscht : C:\Users\Christine K\AppData\Roaming\RHEng
Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17116
-\\ Mozilla Firefox v36.0.4 (x86 de)
-\\ Google Chrome v41.0.2272.101

*************************

AdwCleaner[R0].txt - [23707 Bytes] - [24/08/2014 10:42:13]
AdwCleaner[R1].txt - [3168 Bytes] - [27/03/2015 19:29:59]
AdwCleaner[S0].txt - [21568 Bytes] - [24/08/2014 10:44:51]
AdwCleaner[S1].txt - [3032 Bytes] - [27/03/2015 19:34:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3091 Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.03.2015
Suchlauf-Zeit: 20:24:03
Logdatei: mbamlog.txt
Administrator: Ja

Version:
Malware Datenbank: v2015.03.27.08
Rootkit Datenbank: v2015.03.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Christine K

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 415534
Verstrichene Zeit: 18 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (Keine schädliche Elemente gefunden)
Module: 0 (Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden)
Registrierungswerte: 0 (Keine schädliche Elemente gefunden)
Registrierungsdaten: 0 (Keine schädliche Elemente gefunden)
Ordner: 0 (Keine schädliche Elemente gefunden)
Dateien: 0 (Keine schädliche Elemente gefunden)
Physische Sektoren: 0 (Keine schädliche Elemente gefunden)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 8 x64
Ran by Christine K on 27.03.2015 at 20:49:29,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2015 at 20:59:51,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Christine K at 2015-03-27 21:06:17 Running from C:\Users\Christine K\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated) Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software) CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.68 - CLIQZ.com) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.) CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) CyberLink PowerDirector (Version: - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: - CyberLink Corp.) CyberLink PowerRecover (Version: - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Studio version (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to DVD Converter version (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: - DVDVideoSoft Ltd.) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: - Google Inc.) Hidden Google Update Helper (x32 Version: - Google Inc.) 
Hidden INet (HKLM-x32\...\Alcatel Limo INet_is1) (Version: - Alcatel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation) Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation) Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion) Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) 
Hidden Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) 
(Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla) MyFreeCodec (HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\MyFreeCodec) (Version: - ) Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1031}) (Version: 7.02.6445 - Nero AG) NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver 
(HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: - SAMSUNG Electronics Co., Ltd.) Serif PhotoPlus X4 (HKLM-x32\...\{AFA3224E-8AD6-4EFA-9DBA-A2E499F30282}) (Version: - Serif (Europe) Ltd) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - Synaptics Incorporated) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 
2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4175245928-530565587-4270067117-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Christine K\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 03-03-2015 17:26:22 Geplanter Prüfpunkt 15-03-2015 16:04:52 Geplanter Prüfpunkt 17-03-2015 16:32:32 avast! antivirus system restore point 23-03-2015 20:26:59 avast! antivirus system restore point 26-03-2015 20:33:42 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2012-07-26 06:26 - 2015-03-26 20:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E22486E-BD76-4AB8-82D9-FF0499C69DC1} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {13EC81F6-39DB-4D41-8361-E0E2A5B1FD5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.) Task: {5E4D3901-C47F-495E-8771-679433B59FF6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-05] (Synaptics Incorporated) Task: {7D0A15EE-44AB-43ED-9ADD-57A58CE28BF3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-09] (Microsoft Corporation) Task: {91A490A9-5E51-4B17-B776-5454C5597F2A} - System32\Tasks\{B18CDD16-41A6-434D-BA05-D6C2DCFC3B77} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: {B677D670-3A21-403B-A8A0-4959FB1F0934} - System32\Tasks\{D10111CA-AA61-4DA3-AC01-0AD09298835E} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: {BC1ECBC6-6527-412D-86C4-66AAD2E1A099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {C54C63EA-8879-4F42-904A-3BC344E56201} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-23] (Avast Software s.r.o.) Task: {E8E2F775-6C86-4753-A8BA-F60628E92550} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.) 
Task: {F6AC475F-6A16-4F59-85E0-3E79A0BF6EDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation) Task: {FDCFC2B3-C149-4CA9-B711-BC94CEE5068A} - System32\Tasks\{EA164A1F-A2B5-470A-A8CD-21DB698174F9} => Firefox.exe hxxp://ui.skype.com/ui/0/ Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-11-26 18:19 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe 2014-04-18 11:48 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-11-14 08:45 - 2012-10-19 12:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2012-11-14 09:03 - 2012-10-22 18:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-11-26 18:19 - 2012-03-23 09:25 - 00125504 _____ () C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe 2015-03-23 20:29 - 2015-03-23 20:29 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-23 20:29 - 2015-03-23 20:29 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-03-27 13:55 - 2015-03-27 13:55 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032700\algo.dll 2015-03-27 19:44 - 2015-03-27 19:44 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15032701\algo.dll 2015-03-17 16:35 - 2015-03-17 16:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-10-27 22:54 - 2014-10-27 22:54 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e5fff0dbaa6ea962dc3bd611929ad347\PSIClient.ni.dll 2012-11-14 09:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_0favicon1641131783 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_1favicon-636825232 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_2favicon-2027343776 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_3favicon354031438 AlternateDataStreams: C:\Users\Christine K\Desktop\Mondkalender - Mondkalender - Horoskop - krone.at.website:TASKICON_4favicon1129091835 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Christine K\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg DNS Servers: ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "KiesPreload" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "KiesAirMessage" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\StartupApproved\Run: => "Skype" ==================== Accounts: ============================= Administrator (S-1-5-21-4175245928-530565587-4270067117-500 - Administrator - Disabled) Christine K (S-1-5-21-4175245928-530565587-4270067117-1002 - Administrator - Enabled) => C:\Users\Christine K Gast (S-1-5-21-4175245928-530565587-4270067117-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4175245928-530565587-4270067117-1004 - Limited - Enabled) UpdatusUser (S-1-5-21-4175245928-530565587-4270067117-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8070.57 MB
Available physical RAM: 6087.48 MB
Total Pagefile: 9286.57 MB
Available Pagefile: 7262.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:533.22 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:40.8 GB) NTFS
Drive g: (CHRISSI) (Removable) (Total:3.91 GB) (Free:2.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 462A80D0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: C6FF3978)
Partition 1: (Not Active) - (Size=3.9 GB) - (Type=0B)

==================== End Of Log ============================

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Christine K (administrator) on CHRISTINE on 27-03-2015 21:05:02 Running from C:\Users\Christine K\Desktop Loaded Profiles: UpdatusUser & Christine K (Available profiles: UpdatusUser & Christine K) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe 
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe () C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe (Avast Software s.r.o.) 
C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.) 
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Alcatel Limo ModemListener] => C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe [125504 2012-03-23] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-23] (Avast Software s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [AppLauncher] => C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe [969656 2012-08-10] (Ashampoo) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [Power2GoExpress8] => NA HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung) HKU\S-1-5-21-4175245928-530565587-4270067117-1001\...\MountPoints2: {0a75eed9-0cc3-11e3-be99-d697da080bb1} - "F:\AutoRun.exe" HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: 
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1511792 2013-03-28] (Samsung) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics) HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation) AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [203112 2012-10-11] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4175245928-530565587-4270067117-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4175245928-530565587-4270067117-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4175245928-530565587-4270067117-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4175245928-530565587-4270067117-1001 -> {7AE84D7C-9652-46BF-A616-E9EBF6D14146} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=96b342b4000000000000161a3c841caa&r=812 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-09] (Microsoft Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-23] (Avast Software s.r.o.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-09] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-10-24] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-03] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-03] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll 
[2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-02-09] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF SearchPlugin: C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\searchplugins\google-images.xml [2015-03-26] FF SearchPlugin: C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\searchplugins\google-maps.xml [2015-03-26] FF Extension: Cliqz Beta - C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\Extensions\cliqz@cliqz.com [2015-03-26] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-12] FF HKU\S-1-5-21-4175245928-530565587-4270067117-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\extensions\cliqz@cliqz.com Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Google Docs) - 
C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10] CHR Extension: (Google Drive) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10] CHR Extension: (YouTube) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10] CHR Extension: (Google Search) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10] CHR Extension: (Avast Online Security) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-10] CHR Extension: (Google Wallet) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10] CHR Extension: (Gmail) - C:\Users\Christine K\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Alcatel Limo Modem Device Helper; C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe [53312 2012-03-14] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.) 
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-17] (Avast Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation) R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] () R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AlcatelOTnet; C:\Windows\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-23] (Avast Software s.r.o.) 
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-23] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-23] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-23] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-23] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-23] () R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-11-14] (ITE ) S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-17] (Avast Software) R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== 
NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-27 21:01 - 2015-03-27 21:01 - 00000690 _____ () C:\Users\Christine K\Desktop\JRT.txt NEU.txt 2015-03-27 20:59 - 2015-03-27 20:59 - 00000695 _____ () C:\Users\Christine K\Desktop\JRT.txt 2015-03-27 20:46 - 2015-03-27 20:48 - 01388782 _____ (Thisisu) C:\Users\Christine K\Desktop\JRT.exe 2015-03-27 19:45 - 2015-03-27 20:45 - 00000000 ____D () C:\Users\Christine K\Desktop\Malwarebytes 2015-03-27 19:45 - 2015-03-27 19:57 - 07187597 _____ (Malwarebytes Corporation ) C:\Users\Christine K\Downloads\mbam-setup- 2015-03-27 19:39 - 2015-03-27 19:39 - 00000000 ____D () C:\Users\Christine K\Desktop\AdwCleaner Protokoll 2015-03-26 21:00 - 2015-03-26 21:00 - 00023668 _____ () C:\Users\Christine K\Desktop\ComboFix.txt 2015-03-26 20:55 - 2015-03-26 20:56 - 00023788 _____ () C:\ComboFix.txt 2015-03-26 20:33 - 2015-03-26 20:56 - 00000000 ____D () C:\Qoobox 2015-03-26 20:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-26 20:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-26 20:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-26 20:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-26 20:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-26 20:33 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2015-03-26 20:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-26 20:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-26 20:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-26 20:32 - 2015-03-26 20:52 - 00000000 ____D () C:\Windows\erdnt 2015-03-26 20:24 - 
2015-03-26 20:31 - 05615749 ____R (Swearware) C:\Users\Christine K\Desktop\ComboFix.exe 2015-03-26 18:46 - 2015-03-26 18:49 - 02168320 _____ () C:\Users\Christine K\Desktop\AdwCleaner_4.113.exe 2015-03-26 17:19 - 2015-03-26 17:19 - 00380416 _____ () C:\Users\Christine K\Downloads\Gmer-19357.exe 2015-03-26 17:12 - 2015-03-26 17:44 - 00028798 _____ () C:\Users\Christine K\Desktop\Addition.txt 2015-03-26 17:11 - 2015-03-27 21:05 - 00020634 _____ () C:\Users\Christine K\Desktop\FRST.txt 2015-03-26 17:10 - 2015-03-27 21:05 - 00000000 ____D () C:\FRST 2015-03-26 17:07 - 2015-03-26 17:10 - 02095616 _____ (Farbar) C:\Users\Christine K\Desktop\FRST64.exe 2015-03-26 17:04 - 2015-03-26 17:04 - 00050477 _____ () C:\Users\Christine K\Desktop\Defogger.exe 2015-03-26 17:04 - 2015-03-26 17:04 - 00000494 _____ () C:\Users\Christine K\Desktop\defogger_disable.log 2015-03-26 17:04 - 2015-03-26 17:04 - 00000000 _____ () C:\Users\Christine K\defogger_reenable 2015-03-26 15:12 - 2015-03-26 15:12 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-26 15:09 - 2015-03-26 15:12 - 02347384 _____ (ESET) C:\Users\Christine K\Downloads\esetsmartinstaller_deu.exe 2015-03-26 15:04 - 2015-03-26 15:04 - 00000000 ____D () C:\Users\Christine K\AppData\Roaming\Cliqz 2015-03-26 15:04 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2015-03-26 15:04 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2015-03-26 14:24 - 2015-03-26 14:24 - 00000000 ____D () C:\Users\Christine K\Desktop\Alte Firefox-Daten 2015-03-26 00:29 - 2015-03-26 15:06 - 00002168 _____ () C:\Users\Christine K\Desktop\Trojan Remover - CHIP Downloader.lnk 2015-03-25 20:18 - 2015-03-25 20:22 - 01203488 _____ () C:\Users\Christine K\Downloads\Trojan Remover - CHIP-Installer.exe 2015-03-23 20:29 - 2015-03-23 20:29 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-23 20:29 - 2015-03-23 20:29 - 00043112 _____ (Avast Software s.r.o.) 
C:\Windows\avastSS.scr 2015-03-23 15:20 - 2015-03-23 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-19 20:29 - 2015-03-19 20:29 - 04083631 _____ () C:\Users\Christine K\Downloads\Gespräch Nusser Christine.3ga 2015-03-19 20:28 - 2015-03-19 20:28 - 03268070 _____ () C:\Users\Christine K\Downloads\Eric.3ga 2015-03-19 19:29 - 2015-03-19 19:29 - 00000000 ____D () C:\Users\Christine K\Documents\Mein Weg in die Selbstständigkeit 2015-03-03 20:37 - 2015-03-03 20:39 - 76313280 _____ (Adobe Systems Incorporated) C:\Users\Christine K\Downloads\AdbeRdr11010_de_DE.exe 2015-03-03 20:36 - 2015-03-03 20:40 - 00000000 ____D () C:\Users\Christine K\AppData\Local\Adobe 2015-03-03 10:17 - 2015-03-03 10:18 - 00000197 _____ () C:\Windows\system32\2015-03-03-09-17-48.042-AvastVBoxSVC.exe-2360.log 2015-03-02 13:54 - 2015-03-02 13:55 - 00000197 _____ () C:\Windows\system32\2015-03-02-12-54-22.035-AvastVBoxSVC.exe-2208.log 2015-03-02 13:47 - 2015-03-02 13:49 - 00000197 _____ () C:\Windows\system32\2015-03-02-12-47-30.099-AvastVBoxSVC.exe-2180.log 2015-02-28 18:02 - 2015-02-28 18:03 - 00000000 ____D () C:\Users\Christine K\Documents\Rezepte 2015-02-28 14:37 - 2015-02-28 14:40 - 00000197 _____ () C:\Windows\system32\2015-02-28-13-37-29.039-AvastVBoxSVC.exe-3352.log 2015-02-27 21:13 - 2015-02-27 21:16 - 00000197 _____ () C:\Windows\system32\2015-02-27-20-13-57.094-AvastVBoxSVC.exe-3152.log 2015-02-27 21:08 - 2015-02-27 21:08 - 00000197 _____ () C:\Windows\system32\2015-02-27-20-08-06.098-AvastVBoxSVC.exe-3528.log 2015-02-27 20:53 - 2015-02-27 20:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-19-53-04.038-AvastVBoxSVC.exe-3488.log 2015-02-25 15:30 - 2015-02-25 15:31 - 00000197 _____ () C:\Windows\system32\2015-02-25-14-30-58.077-AvastVBoxSVC.exe-3224.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-27 21:04 - 2013-01-17 20:05 - 01935842 _____ () C:\Windows\WindowsUpdate.log 2015-03-27 21:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2015-03-27 20:43 - 2014-08-24 11:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-27 20:09 - 2014-11-23 11:24 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-27 20:09 - 2014-11-23 11:24 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-27 19:39 - 2013-01-17 20:08 - 00000000 ____D () C:\Users\Christine K\Documents\Youcam 2015-03-27 19:37 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-27 19:36 - 2012-11-14 05:59 - 00232450 _____ () C:\Windows\PFRO.log 2015-03-27 19:35 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-03-27 19:34 - 2014-08-24 10:42 - 00000000 ____D () C:\AdwCleaner 2015-03-27 18:52 - 2013-12-19 12:54 - 02062336 ___SH () C:\Users\Christine K\Desktop\Thumbs.db 2015-03-27 18:36 - 2012-11-14 06:45 - 00754172 _____ () C:\Windows\system32\perfh007.dat 2015-03-27 18:36 - 2012-11-14 06:45 - 00156362 _____ () C:\Windows\system32\perfc007.dat 2015-03-27 18:36 - 2012-07-26 08:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-27 13:45 - 2013-08-31 12:24 - 00000000 ____D () C:\Users\Christine K\Documents\Energetik 2015-03-26 20:56 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default 2015-03-26 20:50 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini 2015-03-26 17:50 - 2013-01-20 11:22 - 00000667 _____ () C:\Users\Christine K\Desktop\Antenne Kärnten Livestream.website 2015-03-26 17:04 - 2013-01-17 20:05 - 00000000 ____D () C:\Users\Christine K 2015-03-25 19:37 - 2014-08-24 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-25 19:37 - 2014-08-24 11:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-24 21:45 - 2014-01-27 10:31 
- 00000000 ____D () C:\Users\Christine K\Documents\Gesundheit 2015-03-24 15:34 - 2013-02-11 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-23 22:03 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-03-23 20:29 - 2014-11-22 13:34 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-03-23 20:29 - 2014-07-09 14:42 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-03-23 20:29 - 2014-07-09 14:42 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-23 20:29 - 2013-04-02 20:04 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-23 20:29 - 2013-04-02 20:04 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-23 20:29 - 2013-02-12 20:24 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-23 20:29 - 2013-02-12 20:24 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-03-23 20:29 - 2013-02-12 20:23 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-23 20:28 - 2013-02-12 20:23 - 01047320 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswSnx.sys 2015-03-23 15:11 - 2014-11-23 11:26 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-18 11:29 - 2013-03-23 17:18 - 00069632 ___SH () C:\Users\Christine K\Downloads\Thumbs.db 2015-03-18 09:31 - 2013-11-26 22:29 - 00000000 ____D () C:\Users\Christine K\Documents\Berufliches 2015-03-17 06:15 - 2014-08-24 11:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 06:15 - 2014-08-24 11:13 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 06:15 - 2014-08-24 11:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-09 22:26 - 2013-11-25 22:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-09 22:23 - 2013-02-26 20:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-03-09 21:58 - 2014-12-19 19:46 - 00013312 ___SH () C:\Users\Christine K\Documents\Thumbs.db 2015-02-26 19:38 - 2014-01-27 09:49 - 00000000 ____D () C:\Users\Christine K\Documents\AMS ==================== Files in the root of some directories ======= 2014-05-23 15:33 - 2014-08-24 10:34 - 0000097 _____ () C:\Users\Christine K\AppData\Roaming\WB.CFG 2013-02-12 19:12 - 2013-02-12 19:12 - 0009554 _____ () C:\Users\Christine K\AppData\Local\recently-used.xbel 2012-11-14 09:19 - 2012-11-14 09:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Christine K\AppData\Local\Temp\Quarantine.exe C:\Users\Christine K\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-27 13:35
==================== End Of Log ============================
Hello Matthias, I'll be online for a while longer today, then not again until Sunday. Thanks for your time and kind regards, Christine |
| #8 |
/// TB-Ausbilder | Hi, download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
| #9 |
| Hello! Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:58 on 29/03/2015 by Christine K
Administrator - Elevation successful
========== filefind ==========
Searching for "*WeatherBlink*"
No files found.
========== folderfind ==========
Searching for "*WeatherBlink*"
C:\AdwCleaner\Quarantine\C\Users\Christine K\AppData\LocalLow\WeatherBlinkEI d------ [18:34 27/03/2015]
========== regfind ==========
Searching for "WeatherBlink"
No data found.
-= EOF =- |
| #10 |
/// TB-Ausbilder | We'll remove the last remnants and check everything once more. ESET can take a while (> 2 h). Afterwards we'll remove all the tools used and I'll give you a few tips to take with you.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
HKU\S-1-5-21-4175245928-530565587-4270067117-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4 Please download
Please post with your next reply
| #11 |
| Hello. So, first the Fixlog.txt. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Christine K at 2015-03-30 19:05:57 Run:1
Running from C:\Users\Christine K\Desktop
Loaded Profiles: UpdatusUser & Christine K (Available profiles: UpdatusUser & Christine K)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4175245928-530565587-4270067117-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
end
*****************
Processes closed successfully.
"HKU\S-1-5-21-4175245928-530565587-4270067117-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 281.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 19:06:40 ====
Code:
Unerwarteter Fehler 2002.
I also have another question about this. I have connected 2 USB sticks and the phone, since the phone also responds very, very slowly. I also have an external hard drive, which I can't connect at the same time because I don't have a free port. How should I proceed? Thanks and best regards, Christine |
| #12 |
/// TB-Ausbilder | Hi, for now connect only the two USB sticks and the external hard drive. Before ESET, please run MiniToolBox as follows and then try ESET again: Please download Farbar's MiniToolBox to your desktop and start the tool. Tick the following entries
| #13 |
| Hello! I have a Samsung hard drive that I haven't used for a long time. I have now connected it and it only beeps and blinks blue; it is not recognized. Code:
MiniToolBox by Farbar Version: 09-03-2015
Ran by Christine K (administrator) on 30-03-2015 at 23:08:09
Running from "C:\Users\Christine K\Desktop"
Microsoft Windows 8 (X64)
Model: Akoya P7818 Manufacturer: Medion
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
**** End of log **** |
| #14 |
/// TB-Ausbilder | Quote:
Leave the external drive out for now and try ESET again. |
| #15 |
| OK - will do |