Plagegeister aller Art und deren Bekämpfung: Windows 8: Internet redirects to other pages
03.08.2014, 13:55 | #1 |
Windows 8: Internet redirects to other pages

Hello everyone,

I have a problem: when I am browsing, I am automatically redirected to other pages. Here are the logs.

FRST:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014 Ran by Marko at 2014-08-03 14:44:43 Running from C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{9329FB02-864A-0B4D-B98E-EDECF804F22B}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center (x32 Version: 2013.0518.334.4496 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Portuguese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.) Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.4.3026 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.) CyberLink PowerDVD 12 (x32 Version: 12.0.1.3024 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.) 
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Ihr Firmenname) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard) HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company) hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation) OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Ralink Bluetooth Stack64 (HKLM\...\{931210CE-36BC-BB05-9559-D2320932312E}) (Version: 11.0.738.3 - Mediatek) Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.27.0 - Mediatek) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.) 
SNT (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 4.2.0.1362 - SNT) <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 29-06-2014 10:48:17 Geplanter Prüfpunkt 26-07-2014 19:20:17 Geplanter Prüfpunkt 28-07-2014 18:25:49 Removed Energy Star ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {0045527E-95CC-4AD8-B8EF-92955B17F239} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {116C34B2-828B-471B-AC5B-9F8175EDE293} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {1B848EE5-1C91-437B-B618-466256BC2E8D} - System32\Tasks\SO.Booster-S-603818780 => c:\programdata\topapp software\so.booster\SO.Booster.exe <==== ATTENTION Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {20FED990-1A40-4B9B-92E3-15470DC50875} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {36FDF4A6-A189-41BB-A136-E48010696965} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe 
[2013-08-22] (Microsoft Corporation) Task: {401D3946-3D7A-43B7-9B14-A8B7602D39F9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {47AB1C4E-38C4-4DBB-A7D5-96D584BCF234} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {64E4A49C-1246-4C2A-BC0E-C4505668A9BD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6B0B4558-0C31-4B87-9E3A-D2608B718EFC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {6F134933-2CAA-4DBB-8E25-D7D745208B57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-27] (Microsoft Corporation) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {751781C6-8D3D-4557-830D-3B5B5DF4C05D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7F3667B6-6A10-4146-8EF1-0546166CEB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {98C81502-B53B-4FC4-9FED-C88FCFC57209} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B5A23A08-8E1C-4EA5-843E-42F652EC532F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {C03BBFD6-F20A-4CE5-8F8B-11559A699442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {C2924110-4E41-4FF3-8233-95BF206C53D5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {CFFAB8E5-45C4-4F81-B4F0-FA697E49BD40} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D915C949-9479-4CD4-A524-A98E74469523} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E17EFE45-4BC9-47DA-8452-22D8D3BEE857} - System32\Tasks\HPCeeScheduleForMarko => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - 
System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E7D741E5-E26A-4ED1-A831-56A3ED6E2BA0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-26] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForMarko.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\SO.Booster-S-603818780.job => c:\programdata\topapp software\so.booster\SO.Booster.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-14 18:33 - 2013-05-14 18:33 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-14 18:33 - 2013-05-14 18:33 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll 2013-05-24 11:22 - 2013-05-24 11:22 - 00334648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll 2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll 2013-05-14 18:33 - 2013-05-14 18:33 - 00016632 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll 2013-05-14 18:33 - 2013-05-14 18:33 - 00062200 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll 2013-05-14 18:33 - 2013-05-14 18:33 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll 2013-05-14 18:33 - 2013-05-14 18:33 - 00371448 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll 2013-11-16 00:35 - 2013-03-12 16:51 - 00626240 _____ () C:\Program Files 
(x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-12 23:53 - 2013-03-12 23:53 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-11-16 00:02 - 2013-05-08 23:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-05-14 18:33 - 2013-05-14 18:33 - 00029432 _____ () C:\Windows\SYSTEM32\BsTrace.dll 2014-05-01 22:40 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Marko\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Marko\SkyDrive (2).old:ms-properties AlternateDataStreams: C:\Users\Marko\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/03/2014 02:42:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: c70 Startzeit: 01cfaf17af6b3157 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: a5fbc5e6-1b0b-11e4-bf26-3423872d76c6 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 02:36:14 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (08/03/2014 02:26:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 900 Startzeit: 01cfaf15652a570d Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 58ae6429-1b09-11e4-bf25-3423872d76c6 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 02:11:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1ac0 Startzeit: 01cfaf134cbe2b94 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 40386ea5-1b07-11e4-bf25-3423872d76c6 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 02:00:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363 Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.0.11.0, Zeitstempel: 0x536d8027 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000b6141 ID des fehlerhaften Prozesses: 0x398 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5 Error: (08/03/2014 01:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e24 Startzeit: 01cfaf11513ee4d9 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 47ef6262-1b05-11e4-bf25-3423872d76c6 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 01:51:13 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (08/02/2014 10:03:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cb0 Startzeit: 01cfae8c204d6fb6 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 13f164d7-1a80-11e4-bf24-3423872d76c6 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (08/02/2014 05:01:08 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (08/01/2014 06:05:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. System errors: ============= Error: (08/03/2014 02:36:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SO.Sustainer erreicht. 
Error: (08/03/2014 02:35:22 PM) (Source: DCOM) (EventID: 10010) (User: MARKOPC) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (08/03/2014 02:00:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (08/03/2014 02:00:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (08/03/2014 02:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/03/2014 01:51:11 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000113 (0x0000000000000017, 0xffffe0012cdfc540, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP080314-23125-01 Error: (08/03/2014 01:51:05 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 02.08.2014 um 21:49:03 unerwartet heruntergefahren. Error: (08/03/2014 01:50:42 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT) Description: 32212254731173328 Error: (08/02/2014 10:14:49 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SE551", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A092FAB9-DA75-458A-9AEA-4A4E5BEC527A}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (08/02/2014 03:48:43 AM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem Computer mit der Netzwerkhardwareadresse 00-00-00-00-00-00 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Microsoft Office Sessions: ========================= Error: (08/03/2014 02:42:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20498c7001cfaf17af6b31574294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exea5fbc5e6-1b0b-11e4-bf26-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 02:36:14 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: Error: (08/03/2014 02:26:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2049890001cfaf15652a570d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe58ae6429-1b09-11e4-bf25-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 02:11:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.204981ac001cfaf134cbe2b944294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe40386ea5-1b07-11e4-bf25-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 02:00:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbamservice.exe3.0.2.05318d363mbamcore.dll1.0.11.0536d8027c0000417000b614139801cfaf11f5a9d8fcC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware 
\mbamcore.dllbc2a9eca-1b05-11e4-bf25-3423872d76c6 Error: (08/03/2014 01:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20498e2401cfaf11513ee4d94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe47ef6262-1b05-11e4-bf25-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (08/03/2014 01:51:13 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: Error: (08/02/2014 10:03:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20498cb001cfae8c204d6fb64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe13f164d7-1a80-11e4-bf24-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (08/02/2014 05:01:08 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe Error: (08/01/2014 06:05:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe CodeIntegrity Errors: =================================== Date: 2014-06-08 14:07:24.770 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program 
Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-06-08 14:07:24.707 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 7962.15 MB Available physical RAM: 6118.43 MB Total Pagefile: 16154.15 MB Available Pagefile: 14219.73 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:907.62 GB) (Free:842.55 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:22.78 GB) (Free:1.86 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 6AF372B9) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-03 14:51:34 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000022 HGST_HTS541010A9E680 rev.JA0OA590 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Marko\AppData\Local\Temp\uwtdypoc.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F] .text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F] .text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F] .text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F] .text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F] ? 
C:\Windows\SYSTEM32\BsHelpCSps.dll [1776] entry point in ".data" section 0000000002cc5055 .text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F] ? 
C:\Windows\SYSTEM32\BsHelpCSps.dll [4308] entry point in ".data" section 00000000031f5055 ? C:\Windows\SYSTEM32\BlueSoleilCSps.dll [4308] entry point in ".rdata" section 0000000003224085 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6996] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb3fb81f6a 4 bytes [B8, 3F, FB, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6996] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb3fb81f82 4 bytes [B8, 3F, FB, 7F] .text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb3fb81f6a 4 bytes [B8, 3F, FB, 7F] .text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb3fb81f82 4 bytes [B8, 3F, FB, 7F] .text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F] .text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F] .text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] 
C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F] .text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [628:652] fffff96000903b90 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140404.001\Scxpx86.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4600] (FILE NOT FOUND) 00000000690f0000 Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140404.001\IDSxpx86.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [6928] (FILE NOT FOUND) 000000005dfb0000 Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140319.001\BHEngine.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [6928] (FILE NOT FOUND) 000000005cfa0000 Process C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe (*** suspicious ***) @ C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe [4060] (Farbar Recovery Scan Tool/Farbar)(2014-08-03 12:43:26) 00007ff76dc40000 Process C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\FDTWKCPP\Gmer-19357.exe (*** suspicious ***) @ C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\FDTWKCPP\Gmer-19357.exe [6940](2014-08-03 12:46:22) 0000000000400000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:47 on 03/08/2014 (Marko) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- |
03.08.2014, 15:14 | #2 |
/// the machine /// TB-Ausbilder | Windows 8: Internet redirects to other pages
Hi,
FRST.txt is missing