Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam

Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam


Plagegeister aller Art und deren Bekämpfung: Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 03.04.2015, 12:55   #1
minnie_me
 
Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam - Standard

Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam


Liebes Trojaner-Board-Team,

als ich gestern Abend etwas im Netz suchte, öffnete sich ein kleines Fenster und entpackte irgendeine Datei auf den Rechner. Was das war konnte ich nicht identifizieren, die Schrift war "kyrillisch".
Angeklickt bzw gedownloadet hatte ich nichts, daher bin ich mir nicht ganz sicher, ob sich nun schädliches Material auf unserem Laptop befindet.
Avira zeigt mir keinen Fund an. Spybot hat diverse Malware gefunden, kann diese aber nicht löschen.

Defogger etc habe ich durchlaufen lassen und folgende Logs erhalten:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Chrssi (administrator) on **** on 03-04-2015 12:56:32
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: ***)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-04-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-06-17] ( (Atheros Communications))
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Google Update] => C:\Users\Chrssi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-12] (Google Inc.)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\MountPoints2: {f40816fc-5781-11e3-bebe-b888e3fdb262} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Chrssi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001 -> DefaultScope {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL = 
SearchScopes: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001 -> {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL = 
SearchScopes: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001 -> {D971CE01-3BCC-4E8A-B574-7A40BDEDA0F8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MGX&o=15359&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^JQ&apn_dtid=^YYYYYY^YY^DE&apn_uid=DCABB183-C5C6-4E97-8FD9-B5DA7B2991F3&apn_sauid=727B937C-8C5A-4BA2-BAF1-8C44FBB514A2
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-02] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-09] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-09] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-11] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-11] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-09] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-09-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-10-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1225493163-4127186220-2738876131-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Chrssi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-1225493163-4127186220-2738876131-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Chrssi\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-1225493163-4127186220-2738876131-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-12]
CHR Extension: (Google Drive) - C:\Users\Chrssi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-12]
CHR Extension: (Google Search) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-12]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-04-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-04-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [322176 2014-06-17] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-06-17] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-01-06] (Avira Operations GmbH & Co. KG)
S3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [599752 2014-06-17] () [File not signed]
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 12:56 - 2015-04-03 12:57 - 00019594 _____ () C:\Users\***\Desktop\FRST.txt
2015-04-03 12:56 - 2015-04-03 12:56 - 00000000 ____D () C:\FRST
2015-04-03 12:55 - 2015-04-03 12:55 - 02095616 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2015-04-03 12:54 - 2015-04-03 12:54 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2015-04-03 12:53 - 2015-04-03 12:53 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2015-04-02 20:38 - 2015-04-02 21:11 - 00000000 ____D () C:\Users\***\AppData\Roaming\ClassicShell
2015-04-02 20:38 - 2015-04-02 20:38 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-04-02 20:37 - 2015-04-02 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-04-02 20:37 - 2015-04-02 20:37 - 00000000 ____D () C:\Program Files\Classic Shell
2015-04-02 20:34 - 2015-04-02 20:34 - 00000000 __SHD () C:\Users\***\AppData\Local\EmieBrowserModeList
2015-04-02 20:31 - 2015-04-02 20:31 - 01203488 _____ () C:\Users\***\Downloads\Classic Shell - CHIP-Installer.exe
2015-04-02 20:01 - 2015-04-02 20:01 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-02 20:00 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150402-200050.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 12:56 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-03 12:46 - 2013-11-09 17:07 - 01139260 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-03 12:41 - 2012-12-14 19:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1225493163-4127186220-2738876131-1001
2015-04-03 12:41 - 2012-10-19 08:12 - 00000000 ____D () C:\ProgramData\WinClon
2015-04-03 12:39 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-03 12:39 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-03 12:39 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-03 12:38 - 2012-12-14 19:26 - 00000000 ____D () C:\Users\***\AppData\Local\CrashDumps
2015-04-03 12:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-02 21:11 - 2012-12-15 08:11 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2015-04-02 21:09 - 2014-10-23 19:41 - 00004686 _____ () C:\WINDOWS\setupact.log
2015-04-02 21:09 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-02 21:08 - 2014-10-23 19:32 - 00013674 _____ () C:\WINDOWS\PFRO.log
2015-04-02 20:57 - 2013-11-07 22:29 - 00000000 ____D () C:\Users\***
2015-04-02 20:47 - 2014-10-16 21:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-02 20:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-02 20:17 - 2013-07-12 17:00 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA.job
2015-04-02 20:01 - 2014-08-14 20:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-02 20:01 - 2013-02-05 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-02 20:01 - 2013-02-05 15:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-02 19:49 - 2013-11-13 08:15 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6AAE1431-92D2-40BE-9EA6-077D34A45FC1}
2015-04-02 19:45 - 2013-05-02 10:24 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-04-02 19:45 - 2013-04-21 18:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-04-02 19:45 - 2013-04-21 18:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-04-02 19:37 - 2013-08-22 16:44 - 00554360 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-24 19:17 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-24 19:15 - 2012-12-15 07:49 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-24 19:12 - 2014-07-15 17:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-24 19:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-24 19:11 - 2015-01-21 22:19 - 00000000 ____D () C:\WINDOWS\system32\appraiser

==================== Files in the root of some directories =======

2013-07-28 01:25 - 2013-10-28 13:27 - 0000111 _____ () C:\Users\***\AppData\Roaming\WB.CFG
2013-06-23 15:25 - 2013-10-28 13:27 - 0000006 _____ () C:\Users\***\AppData\Roaming\WBPU-TTL.DAT
2013-10-07 21:47 - 2013-10-07 21:47 - 0001456 _____ () C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-03-26 20:58 - 2013-04-27 12:32 - 0007604 _____ () C:\Users\***\AppData\Local\Resmon.ResmonCfg
2013-02-25 17:01 - 2013-02-21 17:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-02-25 17:01 - 2013-01-13 00:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 13:40

==================== End Of Log ============================
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by *** at 2015-04-03 12:59:00
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{403A4E7A-D239-04D8-6A3D-31DD203C018D}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
CardRecovery 6.00 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
FaceFilter v3.02 SE (HKLM-x32\...\{6020758E-57A9-41E3-AF20-8EE311EA6156}) (Version: 3.02.2713.1 - Reallusion Inc.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.18 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.50 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{4F1936F8-82B4-437E-BC47-FAB9136A04B2}) (Version: 2.2.2 - Samsung Electronics CO., LTD.)
TeamSpeak 3 Client (HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
User Guide (HKLM-x32\...\{2888FDD1-5EEC-4D56-84B7-4D20DAC0E090}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1225493163-4127186220-2738876131-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

21-11-2014 22:07:58 Windows Update
27-11-2014 21:53:03 Windows Update
06-12-2014 19:19:59 Installed SW Update
13-12-2014 00:01:50 Windows Update
15-01-2015 14:47:13 Windows Update
19-01-2015 23:30:25 Windows Update
24-01-2015 14:32:33 Windows Update
28-01-2015 21:21:19 Windows Modules Installer
15-03-2015 14:37:14 Windows Update
02-04-2015 20:35:34 Installed Classic Shell

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {095D7EFB-4D30-4969-9A6A-8A327EE4F776} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {13AA811A-057C-4D7B-9D1D-A9682209C4C5} - System32\Tasks\DSite => C:\Users\***\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {304C74F3-E453-4057-BAC5-BF54B3BBB4F5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2014-11-12] (SEC)
Task: {3169D3ED-9CBF-4EA1-8ED8-EF58294E339F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-02] (Microsoft Corporation)
Task: {3852D275-616A-4724-B0AB-B8BE2B787024} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-10] (Samsung Electronics CO., LTD.)
Task: {422CB321-D087-45B3-ACCD-8D17F9BE51A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-02] (Microsoft Corporation)
Task: {4F76BB95-6D45-4F0A-995C-203D39EA850C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {630520AE-B2C1-4D9A-BDEB-5EE26B3BCDB3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-02] (Microsoft Corporation)
Task: {70EB9CC6-D347-41F8-8BC5-D94FE6C129AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {79713469-126D-4CD1-9DFB-1AD73484CF7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {9DA09ED4-B066-4B10-B5B5-D9B7C927AFB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {A7FB3B6D-BE23-44B5-84FB-4F446DB262AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-24] (Microsoft Corporation)
Task: {CE3064CC-67E5-4C25-BB3F-B914A8BA0E4D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ka1514-697@online.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E121F40B-94A0-448F-8FA7-4898D77A1AD4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {E801A9F2-F50B-487B-AFEB-7789968FE22E} - System32\Tasks\AdobeAAMUpdater-1.0-Chrissi-*** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\***\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core.job => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA.job => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-16 21:10 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-06-17 08:32 - 2014-06-17 08:32 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-06-17 08:29 - 2014-06-17 08:29 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-06-17 08:35 - 2014-06-17 08:35 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-10-10 21:35 - 2014-10-10 21:35 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-07-07 13:55 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-07 13:55 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-07 13:55 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-07 13:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-07 13:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-02-23 15:19 - 2015-02-18 00:44 - 01117512 _____ () C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-23 15:19 - 2015-02-18 00:44 - 00211272 _____ () C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-23 15:19 - 2015-02-18 00:44 - 09171272 _____ () C:\Users\***\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\***\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\StartupApproved\Run: => "KiesAirMessage"

==================== Accounts: =============================

Administrator (S-1-5-21-1225493163-4127186220-2738876131-500 - Administrator - Disabled)
*** (S-1-5-21-1225493163-4127186220-2738876131-1001 - Administrator - Enabled) => C:\Users\***
Gast (S-1-5-21-1225493163-4127186220-2738876131-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1225493163-4127186220-2738876131-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Standard OpenHCD USB-Hostcontroller
Description: Standard OpenHCD USB-Hostcontroller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: usbohci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 00:38:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4f8350e0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebf2e
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000606c
ID des fehlerhaften Prozesses: 0x12ec
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (04/03/2015 00:38:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ObjectDisposedException
Stapel:
   bei System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   bei ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (04/02/2015 09:12:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
   bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei S...

Error: (04/02/2015 09:11:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/02/2015 09:11:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/02/2015 09:11:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/02/2015 09:11:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/02/2015 09:09:47 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (04/02/2015 08:56:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 86c

Startzeit: 01d06d6e29da7017

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 72c2038b-d967-11e4-bee8-b888e3fdb262

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/02/2015 08:44:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a74

Startzeit: 01d06d745ab85841

Endzeit: 109

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 4554999f-d968-11e4-bee8-b888e3fdb262

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (04/02/2015 09:11:34 PM) (Source: DCOM) (EventID: 10010) (User: Chrissi)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1

Error: (04/02/2015 09:11:34 PM) (Source: DCOM) (EventID: 10010) (User: Chrissi)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4

Error: (04/02/2015 09:11:29 PM) (Source: DCOM) (EventID: 10010) (User: Chrissi)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1

Error: (04/02/2015 09:11:29 PM) (Source: DCOM) (EventID: 10010) (User: Chrissi)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4

Error: (04/02/2015 09:11:19 PM) (Source: DCOM) (EventID: 10016) (User: Chrissi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Chrissi***S-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/02/2015 09:11:19 PM) (Source: DCOM) (EventID: 10016) (User: Chrissi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Chrissi***S-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/02/2015 09:11:19 PM) (Source: DCOM) (EventID: 10016) (User: Chrissi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Chrissi***S-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/02/2015 09:11:19 PM) (Source: DCOM) (EventID: 10016) (User: Chrissi)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Chrissi***S-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/02/2015 09:09:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/02/2015 09:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31


Microsoft Office Sessions:
=========================
Error: (04/03/2015 00:38:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe3.5.0.04f8350e0KERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c12ec01d06dfa39ec8438C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\system32\KERNELBASE.dll9d20b354-d9ed-11e4-bee9-b888e3fdb262

Error: (04/03/2015 00:38:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ObjectDisposedException
Stapel:
   bei System.Threading.TimerQueueTimer.Change(UInt32, UInt32)
   bei ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (04/02/2015 09:12:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
   bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei S...

Error: (04/02/2015 09:11:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (04/02/2015 09:11:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (04/02/2015 09:11:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (04/02/2015 09:11:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Chrissi)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (04/02/2015 09:09:47 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (04/02/2015 08:56:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1728486c01d06d6e29da70174294967295C:\WINDOWS\Explorer.EXE72c2038b-d967-11e4-bee8-b888e3fdb262

Error: (04/02/2015 08:44:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.3.9600.17284a7401d06d745ab85841109C:\Windows\explorer.exe4554999f-d968-11e4-bee8-b888e3fdb262


==================== Memory info =========================== 

Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 38%
Total physical RAM: 5595.02 MB
Available physical RAM: 3451.63 MB
Total Pagefile: 6555.02 MB
Available Pagefile: 4093.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.48 GB) (Free:688.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3945EBAC)

Partition: GPT Partition Type.

==================== End Of Log ============================
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-03 13:09:01
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000001d ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB
Running: us73qz2e.exe; Driver: C:\Users\***\AppData\Local\Temp\kwldqpod.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\atiesrxx.exe[956] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                      00007ffc50f3169a 4 bytes [F3, 50, FC, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[956] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                      00007ffc50f316a2 4 bytes [F3, 50, FC, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[956] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                         00007ffc50f3181a 4 bytes [F3, 50, FC, 7F]
.text   C:\WINDOWS\system32\atiesrxx.exe[956] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                         00007ffc50f31832 4 bytes [F3, 50, FC, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffc50f3169a 4 bytes [F3, 50, FC, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffc50f316a2 4 bytes [F3, 50, FC, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ffc50f3181a 4 bytes [F3, 50, FC, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ffc50f31832 4 bytes [F3, 50, FC, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[5720] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                     00007ffc50f3169a 4 bytes [F3, 50, FC, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[5720] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                     00007ffc50f316a2 4 bytes [F3, 50, FC, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[5720] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                        00007ffc50f3181a 4 bytes [F3, 50, FC, 7F]
.text   C:\WINDOWS\system32\atieclxx.exe[5720] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                        00007ffc50f31832 4 bytes [F3, 50, FC, 7F]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[5820] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                        00007ffc491f1f6a 4 bytes [1F, 49, FC, 7F]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[5820] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                        00007ffc491f1f82 4 bytes [1F, 49, FC, 7F]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[3288] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                         00007ffc491f1f6a 4 bytes [1F, 49, FC, 7F]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[3288] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                         00007ffc491f1f82 4 bytes [1F, 49, FC, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [2344:5696]                                                                                         fffff96000942b90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----
Muss ich noch irgendetwas machen?

Vielen Dank schonmal

 

Themen zu Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam
adware, antivir, antivirus, browser, converter, einstellung, google, helper, homepage, installation, langsam, malware, mozilla, mp3, office 365, programm, realtek, registry, scan, security, software, svchost.exe, system, usb, windows, wlan


« Avast meldet ständig bösartige Website blockiert (URL:Mal) - Prozess "svchost.exe" | HEUR/QVM10.1.Malware.Gen kann von 360 Internet Security nicht entfernt werden »


Ähnliche Themen: Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam


  1. Windows 8.1 System sehr langsam... woran liegt's?
    Alles rund um Windows - 27.03.2015 (10)
  2. PC langsam, hängt sich beim Surfen auf, Bluescreen, Advanced System Protector, Win32:Dropper-gen, Win32:Malware-gen, Win32:Rootkit-gen u.a.
    Log-Analyse und Auswertung - 07.02.2015 (12)
  3. Win7 gesamtes System sehr langsam, Windows Explorer stürzt ab
    Log-Analyse und Auswertung - 31.01.2015 (25)
  4. Windows 7: Bildschirm friert ein + System ist sehr langsam geworden
    Log-Analyse und Auswertung - 31.12.2014 (27)
  5. Win7 PC beim Surfen sehr langsam (Aufbau von Websites)
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (28)
  6. Windows7: PC extrem langsam, Skriptfehler beim surfen
    Log-Analyse und Auswertung - 06.02.2014 (9)
  7. Windows 7: System und Browser sehr langsam: G-Service als ursache?
    Log-Analyse und Auswertung - 21.01.2014 (10)
  8. Windows 7 : Computer ist langsam und zeigt beim Surfen übermäßig Werbung an
    Log-Analyse und Auswertung - 03.09.2013 (5)
  9. Windows Vista ist beim Hochfahren sehr langsam
    Alles rund um Windows - 03.04.2013 (6)
  10. Surfen geht sehr langsam IE oder Firefox
    Plagegeister aller Art und deren Bekämpfung - 30.10.2012 (2)
  11. Internet nach längerem surfen oder beim Filme schauen sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (24)
  12. Browser seit neuem sehr langsam beim surfen besonders mailabruf
    Plagegeister aller Art und deren Bekämpfung - 28.10.2010 (9)
  13. PC wird sehr langsam beim Surfen im Netz, I-net bricht ab
    Alles rund um Windows - 23.08.2010 (6)
  14. fremde seite öffnet sich In Mozilla firefox beim Surfen.
    Plagegeister aller Art und deren Bekämpfung - 25.07.2010 (37)
  15. System ist sehr langsam und TrayIcons erscheinen beim Start nicht
    Plagegeister aller Art und deren Bekämpfung - 27.02.2010 (6)
  16. Surfen geht nur sehr langsam trotz DSL
    Log-Analyse und Auswertung - 16.10.2004 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam - Liebes Trojaner-Board-Team, als ich gestern Abend etwas im Netz suchte, öffnete sich ein kleines Fenster und entpackte irgendeine Datei auf den Rechner. Was das war konnte ich nicht identifizieren, die - Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam...
Archiv
Du betrachtest: Windows 8: fremde Dateien beim surfen entpackt, System sehr langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55