Pests of all kinds and how to fight them: VLC.de Browser Hijack (Windows 7)
11.10.2014, 23:12 | #1 |
| VLC.de Browser Hijack Hello, yesterday I downloaded the VLC Player in a hurry and took the first Google hit, vlc.de. As I noticed later, I unfortunately seem to have fallen for scammers, because my browser keeps changing the start page and search provider to SM.de. I then uninstalled VLC and ran a Malwarebytes scan, which found nothing. I also ran OTL once, but I would rather not post the log publicly here, since it also reveals a lot of personal information. Perhaps someone would be willing to let me send it to them by PM. Many thanks in advance. |
12.10.2014, 01:19 | #2 |
Rest in peace † 2019 | VLC.de Browser Hijack My name is Sandra and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, when malware is involved, always the safest. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Here in the forum we will only help if you post the logs; you are welcome to replace your name with placeholders, if that is the concern. If you want me to help you, please run a scan with FRST and post it in code tags. Posting in code tags: Please always put the logs in code tags. If you don't, it makes evaluating them much harder for me. Thank you. To do this:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
12.10.2014, 11:24 | #3 |
| VLC.de Browser Hijack Hello,
here are the log files. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by user (administrator) on ULTRABOOK on 12-10-2014 12:18:16
Running from C:\Users\user\Downloads
Loaded Profile: user (Available profiles: user)
Platform: Windows 8.1 (Update 1) (X64) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R)
Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17129_none_fa6387b99b0c7738\TiWorker.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2573017405-1711662473-3998228027-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-16] (Electronic Arts) HKU\S-1-5-21-2573017405-1711662473-3998228027-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
(Adblock Plus) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-27] CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27] CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-27] CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-10] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-07-26] (Intel Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-20] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) 
Smart Connect Technology Agent\iSCTAgent.exe [197608 2013-07-23] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-18] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] () S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-08-27] (Microsoft Corporation) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-27] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation) S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-04] (ASUS Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-08-02] (Motorola Solutions, Inc.) 
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-07-23] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-07-23] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-07-23] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-07-23] () R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3446240 2014-07-08] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-08-30] (Intel Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-27] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-12 12:18 - 2014-10-12 12:18 - 00019968 _____ () C:\Users\user\Downloads\FRST.txt 2014-10-12 12:18 - 2014-10-12 12:18 - 00000000 ____D () C:\FRST 2014-10-12 12:17 - 2014-10-12 12:18 - 02109952 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2014-10-11 14:59 - 2014-10-11 15:00 - 00000619 _____ () C:\Users\user\Desktop\a.txt 2014-10-11 12:10 - 2014-10-11 12:10 - 00123638 _____ () C:\Users\user\Downloads\OTL.Txt 2014-10-11 12:10 - 2014-10-11 12:10 - 00077310 _____ () C:\Users\user\Downloads\Extras.Txt 2014-10-11 11:59 - 2014-10-11 11:59 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\otl.exe 2014-10-11 00:51 - 2014-10-11 00:51 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-11 00:51 - 2014-10-11 00:51 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-11 00:51 - 2014-10-11 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-11 00:50 - 2014-10-11 00:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-11 00:50 - 2014-10-11 00:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-11 00:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-10-11 00:50 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-10-11 00:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-10-11 00:42 - 2014-10-11 00:42 - 03007700 _____ () C:\Users\user\Downloads\revouninstaller.zip 2014-10-10 23:42 - 2014-10-12 12:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-10-10 23:42 - 2014-10-10 23:43 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-10 23:42 - 2014-10-10 23:42 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-10-10 23:42 - 2014-10-10 23:42 - 00000000 ____D () C:\Users\user\AppData\Local\Skype 
2014-10-10 23:42 - 2014-10-10 23:42 - 00000000 ____D () C:\ProgramData\Skype 2014-10-10 23:42 - 2014-10-10 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-10 23:41 - 2014-10-10 23:41 - 01677920 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\SkypeSetup.exe 2014-10-10 10:48 - 2010-08-31 02:11 - 1512102320 _____ () C:\Users\user\Desktop\Castle.S01E10.Todesfall.in.der.Familie.GERMAN.DL.DUBBED.WEB-DL.720p.H.264-TvR.mkv 2014-10-10 10:41 - 2010-08-31 02:09 - 1523057959 _____ () C:\Users\user\Desktop\Castle.S01E09.Die.verschwundene.Tochter.GERMAN.DL.DUBBED.WEB-DL.720p.H.264-TvR.mkv 2014-10-10 10:40 - 2014-10-10 15:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc 2014-10-10 10:34 - 2010-08-31 02:08 - 1493590487 _____ () C:\Users\user\Desktop\Castle.S01E08.Geister.GERMAN.DL.DUBBED.WEB-DL.720p.H.264-TvR.mkv 2014-10-10 10:28 - 2014-10-10 10:28 - 00001196 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk 2014-10-10 10:28 - 2014-10-10 10:28 - 00000000 ____D () C:\Program Files\VideoLAN 2014-10-10 10:27 - 2010-08-31 02:07 - 1473536028 _____ () C:\Users\user\Desktop\Castle.S01E07.Reich.und.tot.GERMAN.DL.DUBBED.WEB-DL.720p.H.264-TvR.mkv 2014-10-06 01:17 - 2014-10-08 19:17 - 00000646 _____ () C:\Users\Public\Desktop\FIFA 15.lnk 2014-10-06 01:17 - 2014-10-06 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 2014-10-06 00:55 - 2014-10-06 00:57 - 00000000 ____D () C:\Users\user\Documents\Stronghold Crusader 2 2014-10-06 00:09 - 2014-10-06 00:59 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-06 00:09 - 2014-10-06 00:09 - 00000981 _____ () C:\Users\Public\Desktop\Steam.lnk 2014-10-06 00:09 - 2014-10-06 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-04 22:52 - 2014-10-12 00:36 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-04 22:52 - 2014-10-04 22:52 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-29 16:54 - 2014-09-29 16:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless 2014-09-29 16:54 - 2014-09-29 16:54 - 00000000 ____D () C:\Program Files\Common Files\Intel 2014-09-29 16:54 - 2014-09-29 16:54 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-09-21 00:51 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2014-09-21 00:51 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2014-09-16 22:29 - 2014-09-16 22:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\OpenOffice 2014-09-16 22:20 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-09-16 22:20 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-09-16 22:20 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-09-16 22:20 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-09-16 22:20 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-09-16 22:20 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-09-16 22:20 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-09-16 22:20 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-09-16 22:20 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-09-16 22:20 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-09-16 22:20 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 
2014-09-16 22:20 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-09-16 22:20 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-09-16 22:20 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-09-16 22:20 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-09-14 00:37 - 2014-09-14 00:37 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-12 12:18 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-12 12:17 - 2014-08-27 03:43 - 01852595 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-12 12:17 - 2013-12-25 00:10 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1 2014-10-12 12:17 - 2013-12-25 00:10 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2 2014-10-12 12:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-12 08:36 - 2014-08-27 09:31 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-12 00:48 - 2014-08-26 10:03 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2573017405-1711662473-3998228027-1001 2014-10-12 00:36 - 2014-08-27 09:31 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-11 21:27 - 2014-08-26 09:52 - 00000062 _____ () C:\Users\user\AppData\Roaming\sp_data.sys 2014-10-11 21:26 - 2014-08-31 08:17 - 00000000 ____D () C:\ProgramData\Origin 2014-10-11 21:26 - 2014-08-31 08:17 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-11 21:25 - 2014-08-27 03:47 - 00000000 __RDO () C:\Users\user\OneDrive 2014-10-11 21:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-10-11 21:00 - 2014-08-27 04:17 - 00770848 _____ () C:\WINDOWS\system32\perfh007.dat 
2014-10-11 21:00 - 2014-08-27 04:17 - 00161978 _____ () C:\WINDOWS\system32\perfc007.dat 2014-10-11 21:00 - 2014-03-18 12:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-11 20:56 - 2013-08-22 16:46 - 00294805 _____ () C:\WINDOWS\setupact.log 2014-10-11 20:56 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-11 20:55 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-11 20:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-10-11 20:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-10-11 20:54 - 2014-03-18 11:54 - 00003096 _____ () C:\WINDOWS\PFRO.log 2014-10-11 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-10 23:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-06 01:14 - 2013-12-25 00:05 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-06 00:48 - 2013-05-01 11:36 - 00029073 _____ () C:\WINDOWS\DirectX.log 2014-10-04 22:52 - 2014-08-27 09:31 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-30 19:49 - 2013-12-25 00:06 - 00000000 ____D () C:\ProgramData\Intel 2014-09-29 16:54 - 2013-12-25 00:00 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-09-29 16:37 - 2014-08-27 03:38 - 00000000 ____D () C:\Program Files\Intel 2014-09-29 16:37 - 2013-12-25 00:05 - 00038764 _____ () C:\WINDOWS\DPINST.LOG 2014-09-22 08:42 - 2014-08-31 08:36 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-09-16 22:11 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-16 21:55 - 2013-05-01 11:34 - 00000000 ____D () C:\ProgramData\Adobe 2014-09-14 00:40 - 2014-08-31 08:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Origin 2014-09-14 00:37 - 2014-08-26 09:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe 2014-09-13 21:37 - 2014-08-27 04:37 - 00000000 ___DC () C:\WINDOWS\Panther Files to move or delete: ==================== 
C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\user\AppData\Local\Temp\sqlite3.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-11 12:11 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014 Ran by user at 2014-10-12 12:18:43 Running from C:\Users\user\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH) Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{53D39DE8-5AEA-4168-B552-68D3E7DBEC92}) (Version: 3.6.10117.62224 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 3.6.10117.62224 - Alcor Micro Corp.) 
Hidden ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.4 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0010 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.4 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS) Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dragon Assistant Installer (HKLM-x32\...\{A48069B4-3189-4DC2-AD03-645A16949F2F}) (Version: 1.0.0 - ASUS) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.0.0.2 - Electronic Arts) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation) Intel Experience Center - Configuration (x32 Version: 1.5.0.0 - Intel) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation) Intel(R) Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel) Intel(R) Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation) Intel(R) Experience Center Driver (Version: 1.0.90.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation) Intel(R) PRO/Wireless Driver (Version: 17.00.6000.1654 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.10.0.0136 - Intel Corporation) Hidden Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{5EC1901C-D946-424C-9E77-4F58F64C987B}) (Version: 4.2.40.2384 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden Intel(R) WiDi (HKLM\...\{201B03D6-FDDA-4C70-8A15-887F5B3CE365}) (Version: 4.2.19.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{50748ecf-730e-4c86-87be-0346d4aa7aac}) (Version: 17.0.6 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 17.0.5.0389 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes 
Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - 
Microsoft) Hidden MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.21.2812 - Electronic Arts, Inc.) Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.) Realtek USB Ethernet Controller Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.6.626.2013 - Realtek) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.45 - Stardock Software, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version: - FireFly Studios) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Driver Package - ASUS (ATP) Mouse (08/19/2013 1.0.0.185) (HKLM\...\BEC03F71855D306AE5B6E65FD243A203C2B10782) (Version: 08/19/2013 1.0.0.185 - ASUS) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) 影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden 照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom 
CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 29-09-2014 14:36:43 Intel® PROSet/Wireless Software 30-09-2014 17:49:21 Intel® PROSet/Wireless Software 05-10-2014 22:47:17 DirectX wurde installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02EC2AB5-92B4-4F4B-8B67-9B534FA5B8CD} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {05EA89EE-EA48-4645-A308-B9CE6902CCFB} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-04] (AsusTek) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {14C03C00-90EB-4758-85C5-03813E3BEFAB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {187B1775-172E-4A90-BF37-3256ECCCEC4A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.) 
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2F9AC415-8A5B-46FE-BFAD-F34F7C434886} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-27] (Google Inc.) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4FE701E3-6422-4EC1-9099-01D3B803382A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-27] (Google Inc.) 
Task: {5BCB85E4-F421-40EF-AE3D-B6D139929ED3} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation) Task: {609301E3-FD06-48CC-97C8-54B000B5D39B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-04] (ASUS) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {764DC8EA-35B8-4FB1-AB0F-6182A3D2A4B1} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-06-04] (ASUSTeK Computer Inc.) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7E452B42-F99C-435B-AA18-8B53977C1B65} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9DA95187-DEB3-4FBF-8AC9-8DB6A3D19B80} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation) Task: {9EB9C839-1910-4551-8C6A-309FE1CD3B3C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-07-09] (ASUSTek 
Computer Inc.) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {AD231473-09C9-4BF2-A441-348412F3F222} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.) Task: {AF9CA638-33B5-4F8F-BA67-557F504D9893} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {C72D7730-19DD-49EE-A873-7B2A37DDBCC7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {D371BF0E-EAF5-4E2D-B38A-6E1139F87B92} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS) Task: {D490EEF3-9595-44A8-BF87-0FA0A2272825} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-10] () Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2013-07-23 03:15 - 2013-07-23 03:15 - 00197608 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-07-23 03:15 - 2013-07-23 03:15 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-07-23 03:15 - 2013-07-23 03:15 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2013-07-23 19:54 - 2013-07-23 19:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2014-08-31 08:19 - 2014-08-31 08:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\ErrorReporting.dll 2013-12-25 00:06 - 2013-05-31 23:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-04-30 00:17 - 2013-04-30 00:17 - 00587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-08-31 08:18 - 2014-09-16 22:13 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll 2014-08-31 08:18 - 2014-09-16 22:12 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll 2014-08-31 08:18 - 2014-09-16 22:12 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll 2014-08-31 08:18 - 2014-09-16 22:12 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2014-08-31 08:18 - 2014-09-16 22:12 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll 2014-08-31 08:18 - 2014-09-16 22:12 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll 2014-08-31 08:18 - 2014-09-16 22:12 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll 2014-08-31 08:18 
- 2014-09-16 22:12 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll 2014-10-05 13:07 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll 2014-10-05 13:07 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll 2014-10-05 13:07 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll 2014-10-05 13:07 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll 2014-10-05 13:07 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll 2013-04-27 20:24 - 2013-04-27 20:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\user\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2573017405-1711662473-3998228027-500 - Administrator - Disabled) Guest (S-1-5-21-2573017405-1711662473-3998228027-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2573017405-1711662473-3998228027-1005 - Limited - Enabled) user (S-1-5-21-2573017405-1711662473-3998228027-1001 - Administrator - Enabled) => C:\Users\user ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/12/2014 00:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a58 Startzeit: 01cfe5d3216ce84a Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: 12b83462-51f9-11e4-be87-5c514f478334 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (10/12/2014 05:59:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 180 Startzeit: 01cfe5aae4862f46 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: 32e74c10-51c4-11e4-be87-5c514f478334 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (10/12/2014 00:33:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 890 Startzeit: 01cfe5a2b3af15df Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: a7901b5b-5196-11e4-be87-5c514f478334 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (10/11/2014 10:28:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 19f4 Startzeit: 01cfe58b7e55e9ce Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: 2d76f843-5185-11e4-be87-5c514f478334 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (10/11/2014 02:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 9830 Startzeit: 01cfe53b71f0d33d Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: ee534d39-5142-11e4-be84-5c514f478334 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (10/11/2014 02:32:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 37.0.2062.124, Zeitstempel: 0x5420d868 Name des fehlerhaften Moduls: chrome.dll, Version: 37.0.2062.124, Zeitstempel: 0x5420d5a6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00103e4e ID des fehlerhaften Prozesses: 0x790c Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Vollständiger Name des fehlerhaften Pakets: chrome.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5 Error: (10/11/2014 11:56:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm IEXPLORE.EXE, Version 11.0.9600.17037 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9dcc Startzeit: 01cfe5391c9c2d8d Endzeit: 180 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: cb0af22f-512c-11e4-be84-5c514f478334 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (10/11/2014 11:55:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 46b4 Startzeit: 01cfe507c7f97e75 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: bdbce393-512c-11e4-be84-5c514f478334 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (10/11/2014 10:25:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/11/2014 01:13:33 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8fec Startzeit: 01cfe4df194253ec Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: 0d312644-50d3-11e4-be84-5c514f478334 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App System errors: ============= Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Cumulative Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB2977629) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Security Update for Windows 8.1 for x64-based Systems (KB2918614) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: 
Update for Windows 8.1 for x64-based Systems (KB2965142) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update for Windows 8.1 for x64-based Systems (KB2971239) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Security Update for Windows 8.1 for x64-based Systems (KB2972280) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update for Windows 8.1 for x64-based Systems (KB2967917) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Security Update for Windows 8.1 for x64-based Systems (KB2971850) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB2987114) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update for Windows 8.1 for x64-based Systems (KB2969817) Error: (10/11/2014 09:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installationsfehler: Die 
Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update for Windows 8.1 for x64-based Systems (KB2955164) Microsoft Office Sessions: ========================= Error: (10/12/2014 00:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17031a5801cfe5d3216ce84a4294967295C:\WINDOWS\system32\wwahost.exe12b83462-51f9-11e4-be87-5c514f478334AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp Error: (10/12/2014 05:59:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703118001cfe5aae4862f464294967295C:\WINDOWS\system32\wwahost.exe32e74c10-51c4-11e4-be87-5c514f478334AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp Error: (10/12/2014 00:33:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703189001cfe5a2b3af15df4294967295C:\WINDOWS\system32\wwahost.exea7901b5b-5196-11e4-be87-5c514f478334AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp Error: (10/11/2014 10:28:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703119f401cfe58b7e55e9ce4294967295C:\WINDOWS\system32\wwahost.exe2d76f843-5185-11e4-be87-5c514f478334AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp Error: (10/11/2014 02:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17031983001cfe53b71f0d33d4294967295C:\WINDOWS\system32\wwahost.exeee534d39-5142-11e4-be84-5c514f478334AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp Error: (10/11/2014 02:32:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe37.0.2062.1245420d868chrome.dll37.0.2062.1245420d5a6c000000500103e4e790c01cfe5398e4efd8fC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\chrome.dlla0ec427b-5142-11e4-be84-5c514f478334 Error: (10/11/2014 11:56:01 AM) (Source: Application Hang) 
(EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.170379dcc01cfe5391c9c2d8d180C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEcb0af22f-512c-11e4-be84-5c514f478334 Error: (10/11/2014 11:55:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703146b401cfe507c7f97e754294967295C:\WINDOWS\system32\wwahost.exebdbce393-512c-11e4-be84-5c514f478334AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp Error: (10/11/2014 10:25:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/11/2014 01:13:33 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.170318fec01cfe4df194253ec4294967295C:\WINDOWS\system32\wwahost.exe0d312644-50d3-11e4-be84-5c514f478334AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4558U CPU @ 2.80GHz Percentage of memory in use: 42% Total physical RAM: 8075.22 MB Available physical RAM: 4635.07 MB Total Pagefile: 9355.22 MB Available Pagefile: 5791.51 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:94.95 GB) (Free:44.76 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:121.98 GB) (Free:79.75 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: F21E3757) Partition: GPT Partition Type. ==================== End Of Log ============================ |
12.10.2014, 21:49 | #4 |
Rest in Peace † 2019 | VLC.de Browser Hijack
Hello, how do things look now?
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
SearchScopes: HKLM - DefaultScope {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
C:\Users\user\AppData\Roaming\vlc
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Because the scan with ESET is very thorough, it may take several hours under some circumstances.
ESET Online Scanner
Step 3
Start FRST once more.
|
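An added example, not part of the original post or of FRST: a small Python check that parses SearchScopes lines in the shape used in the fixlist above and lists the search providers whose host is not on an allowlist, default scopes first. The allowlist, the function names and the last sample line are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Line shape used in the fixlist above:
#   SearchScopes: <hive> - [DefaultScope] {GUID} URL = <search template>
SCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+-\s+(?P<default>DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+URL\s*=\s*(?P<url>\S+)\s*$"
)

# Assumption: the search hosts the owner of the machine actually chose.
ALLOWED_HOSTS = {"www.bing.com", "www.google.com"}

# The first four lines are the ones from the post; the last one is constructed.
SAMPLE_LOG = """\
SearchScopes: HKLM - DefaultScope {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {A1122C0D-ECC8-41C4-AB58-5E84AEC7B4FA} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {00000000-0000-0000-0000-000000000001} URL = hxxp://www.bing.com/search?q={searchTerms}
"""

def refang(url):
    """Undo the forum's hxxp defanging so the URL can be parsed."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def parse_scopes(text):
    """Yield one dict per SearchScopes line; every other log line is skipped."""
    for line in text.splitlines():
        m = SCOPE_RE.match(line.strip())
        if not m:
            continue
        host = (urlsplit(refang(m["url"])).hostname or "").lower()
        yield {"hive": m["hive"], "guid": m["guid"].upper(),
               "is_default": bool(m["default"]), "host": host}

def suspicious_scopes(text, allowed=ALLOWED_HOSTS):
    """Return scopes whose search host is not allowlisted, defaults first."""
    hits = [s for s in parse_scopes(text) if s["host"] not in allowed]
    return sorted(hits, key=lambda s: (not s["is_default"], s["hive"]))

if __name__ == "__main__":
    for s in suspicious_scopes(SAMPLE_LOG):
        tag = "DEFAULT" if s["is_default"] else "extra"
        print(f'{s["hive"]} {s["guid"]} {tag:7} -> {s["host"]}')
```

Running the same check on a fresh FRST log after the fix shows whether any of the four entries survived in either hive.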