Browser sehr lansam

vb1887 · 17.03.2015, 10:27

Hallo,

habe seit gestern das Problem dass sich die Internetseiten langsam oder gar nicht aufbauen.
Browserspiele werden gar nicht mehr geöffnet.
Könnte mir jemand helfen?

LG Nessy

schrauber · 17.03.2015, 10:38

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

vb1887 · 17.03.2015, 15:11

Danke für die schnelle Antwort

Die Addition.txt find ich nirgendwo...was mache ich falsch?!

Ich finde diese Addition.txt einfach nicht

So nun noch mal richtig

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joschi (administrator) on POU on 17-03-2015 11:30:24
Running from C:\Users\Joschi\Downloads
Loaded Profiles: Joschi &  (Available profiles: Joschi & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Users\Joschi\AppData\Roaming\VOPackage\vosrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Joschi\Downloads\FRST64(3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {233d1340-1d5d-11e2-be6a-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa1282-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa12cd-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {f83a432c-35dc-11e3-8035-001e101fb2d1} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [898048 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {233d1340-1d5d-11e2-be6a-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3afa1282-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3afa12cd-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f83a432c-35dc-11e3-8035-001e101fb2d1} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [898048 2012-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3714319823-260000009-872883684-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3714319823-260000009-872883684-1001] => http=127.0.0.1:13828
ProxyEnable: [S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:13828
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3714319823-260000009-872883684-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3714319823-260000009-872883684-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-09-11] (ASUSTeK Computer Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\..\Interfaces\{3C2D7332-A7C1-4F97-8147-E75AFF9BA2B1}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default
FF NewTab: chrome://lightning/content/newtab.html
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3714319823-260000009-872883684-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joschi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joschi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml [2014-02-17]
FF Extension: Avira Browser Safety - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: ep - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-21] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-10-15] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 VOsrv; C:\Users\Joschi\AppData\Roaming\VOPackage\VOsrv.exe [61456 2014-02-15] () <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2015-01-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 11:23 - 2015-03-17 11:29 - 02095616 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(3).exe
2015-03-17 11:19 - 2015-03-17 11:22 - 01135104 _____ (Farbar) C:\Users\Joschi\Downloads\FRST(1).exe
2015-03-16 23:06 - 2015-03-16 23:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-16 22:41 - 2015-03-16 23:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Joschi\Downloads\mbar-1.09.1.1004.exe
2015-03-06 13:53 - 2015-03-06 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 11:03 - 2015-03-06 11:03 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-01 11:02 - 2015-03-01 11:02 - 01055936 _____ (Adobe) C:\Users\Joschi\Downloads\install_flashplayer16x32_ltr5x64d_awc_aih(1).exe
2015-03-01 10:47 - 2015-03-01 10:47 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2015-03-01 10:35 - 2015-03-01 10:35 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\TuneUp Software
2015-03-01 10:33 - 2015-03-01 10:44 - 00000000 __SHD () C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2015-03-01 10:33 - 2015-03-01 10:35 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-01 10:31 - 2015-03-01 10:33 - 28181408 _____ (TuneUp Software) C:\Users\Joschi\Downloads\TuneUpUtilities2013_de-DE.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 11:30 - 2014-02-17 22:02 - 00016859 _____ () C:\Users\Joschi\Downloads\FRST.txt
2015-03-17 11:30 - 2014-02-17 22:02 - 00000000 ____D () C:\FRST
2015-03-17 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-17 10:49 - 2013-02-19 09:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-17 10:04 - 2013-03-23 17:06 - 00000000 ____D () C:\Zylom Games
2015-03-17 10:04 - 2013-03-23 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2015-03-17 10:04 - 2013-03-23 17:06 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2015-03-17 10:03 - 2014-02-11 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-03-17 10:03 - 2014-02-11 21:19 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2015-03-17 10:00 - 2014-02-01 20:23 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\cerasus.media
2015-03-17 10:00 - 2014-02-01 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\play+smile
2015-03-17 10:00 - 2014-02-01 20:11 - 00000000 ____D () C:\Program Files (x86)\play+smile
2015-03-17 09:27 - 2013-02-18 10:03 - 00000401 _____ () C:\Users\Joschi\AppData\Roaming\sp_data.sys
2015-03-16 23:30 - 2014-02-17 23:00 - 00000000 ____D () C:\Users\Joschi\Desktop\mbar
2015-03-16 23:06 - 2014-02-17 23:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 23:05 - 2014-02-17 23:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 20:32 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-03-12 20:32 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-03-12 20:32 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 20:25 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 20:52 - 2013-02-19 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-11 20:52 - 2012-08-02 14:24 - 00039682 _____ () C:\Windows\PFRO.log
2015-03-10 22:03 - 2012-10-23 23:28 - 01869237 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 15:01 - 2015-01-26 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-06 11:03 - 2015-01-21 17:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 11:03 - 2013-02-23 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-06 11:03 - 2013-02-23 14:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-01 11:04 - 2013-02-25 10:34 - 00000000 ____D () C:\Users\Joschi\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-02-18 10:03 - 2015-03-17 09:27 - 0000401 _____ () C:\Users\Joschi\AppData\Roaming\sp_data.sys
2014-02-17 11:14 - 2014-02-17 11:14 - 0825216 _____ (AnyProtect.com) C:\Users\Joschi\AppData\Local\nseD7D0.tmp
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Joschi\AppData\Local\Temp\avgnt.exe
C:\Users\Joschi\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Joschi\AppData\Local\Temp\install_flashplayer16x32_ltr5x64d_awc_aih(2).exe
C:\Users\Joschi\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-09 14:49

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

schrauber · 17.03.2015, 18:51

FRST öffnen, Haken setzen bei Addition und scannen, poste bitte nur die Addition.txt.

vb1887 · 17.03.2015, 20:44

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Joschi at 2015-03-17 20:40:18
Running from C:\Users\Joschi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100 Prozent Wimmelbild (HKLM-x32\...\{149F9A5E-889D-474B-BA15-AFA0E614E5EA}_is1) (Version:  - cerasus.media GmbH)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.32 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
awesomehp Browser newtab extension (HKLM-x32\...\awesomehp Browser newtab extension) (Version:  - awesomehp) <==== ATTENTION
Big City Adventure(TM) - New York City (HKLM-x32\...\b69241404897e9d5e82a784891295943) (Version:  - zylom)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.0.8 - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dark Mysteries - Der Seelensammler (HKLM-x32\...\{2C3E75F6-DD0F-4F4E-B757-9DFBE85C14B3}_is1) (Version:  - cerasus.media GmbH)
Dark Tales: Der Mord in der Rue Morgue von Edgar Allan Poe (HKLM-x32\...\BFG-Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe) (Version:  - )
Dark Tales: Der schwarze Kater von Edgar Allan Poe (HKLM-x32\...\BFG-Dark Tales - Der schwarze Kater von Edgar Allan Poe) (Version:  - )
Dreamscapes - The Sandman (HKLM-x32\...\Dreamscapes - The Sandman_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Fallen Shadows - Schatten der Kindheit (HKLM-x32\...\{AE2893E9-145A-41AC-85C6-ED046B13572E}) (Version: 1.0.0 - Happy Muffin Top)
Fishdom H2O - Hidden Odyssey(TM) (HKLM-x32\...\2bdf7eb01e69cc0591d6f6b7e23fc65f) (Version:  - zylom)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Invisible Man (HKLM-x32\...\Invisible Man_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Magic Academy (HKLM-x32\...\b261d31123ca3bdb94534d864bf1e12c) (Version:  - zylom)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sherlock Holmes and The Hound of The Baskervilles (HKLM-x32\...\2158fc2337e2d7fc47cbdfe0e2d81acc) (Version:  - zylom)
Spirit Walkers - Curse of the Cypress Witch (HKLM-x32\...\3e2de0e74f55b1aea562f3e4009ad19c) (Version:  - zylom)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Walsingham‘s Manor - Verlies der Seelen (HKLM-x32\...\Walsingham‘s Manor - Verlies der Seelen_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Windows Driver Package - ASUS (ATP) Mouse  (08/27/2012 1.0.0.125) (HKLM\...\2BD897DEE9289F769D9176245811D5330A360B0B) (Version: 08/27/2012 1.0.0.125 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-03-2015 10:33:52 TuneUp Utilities 2013 wird installiert
13-03-2015 23:24:00 Geplanter Prüfpunkt
17-03-2015 09:55:03 TuneUp Utilities 2013 wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {141664A6-ADE8-44F1-A047-F92420799A0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {328A5A9C-DE94-420D-AFF4-4E18DFCB5F5C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {6E22C9D9-1DCF-4FAE-8A01-48A53E2442F2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {BD48E47C-8E91-4EF3-AA40-6459068FEFEA} - \Re-markit Update No Task File <==== ATTENTION
Task: {D18A15C6-F51A-4EF3-ABAD-FCE1ACDA6111} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {D5AB0C5C-71A0-4C86-89D6-7AA0CC19643F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {DA007ABD-B24E-4A2A-86D3-F65574868A7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {F494D5FD-79A2-42DA-8FB1-32752E34ACE2} - \UpdaterEX No Task File <==== ATTENTION
Task: {FD1A6B4A-56C4-4EFD-80A2-5806C887A8F3} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {FF97E558-7429-4756-A78B-167E9D0FDDB7} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-15 21:41 - 2013-10-15 21:40 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-02-15 08:47 - 2014-02-15 08:47 - 00061456 _____ () C:\Users\Joschi\AppData\Roaming\VOPackage\VOsrv.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-23 23:16 - 2012-08-16 11:04 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-10-23 23:16 - 2012-08-16 11:04 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-09-21 03:56 - 2012-08-15 18:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2010-09-28 18:32 - 2010-09-28 18:32 - 00245568 _____ () C:\Program Files (x86)\bfgclient\bfggameservices.exe
2014-02-17 10:53 - 2014-02-17 10:53 - 00183264 _____ () C:\Users\Joschi\AppData\Roaming\VOPackage\VOPackage.exe
2013-10-15 21:40 - 2013-10-15 21:41 - 00514048 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2013-10-15 21:41 - 2013-10-15 21:40 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-15 21:41 - 2013-10-15 21:40 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-15 21:41 - 2013-10-15 21:40 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-15 21:41 - 2013-10-15 21:40 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-15 21:41 - 2013-10-15 21:40 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-15 21:41 - 2013-10-15 21:40 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2012-10-23 23:13 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-09-28 18:32 - 2010-09-28 18:32 - 01447744 _____ () C:\Program Files (x86)\bfgclient\bfgcommon.dll
2015-03-17 17:56 - 2015-03-17 17:56 - 00117248 _____ () C:\Users\Joschi\AppData\Local\Temp\nsaD32F.tmp\IpConfig.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00427008 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00264192 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 09515520 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00382464 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL
2013-10-15 21:40 - 2013-10-15 21:40 - 00218112 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00135168 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00545280 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00238080 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00301056 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00237568 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00159744 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00176128 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00264704 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00217600 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00156672 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00338432 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00114688 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 01078272 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00670720 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00550400 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00547840 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00211968 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00101376 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00180224 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00131072 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 01101824 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00278528 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00538624 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00398336 _____ () C:\Program Files (x86)\Mobile Partner\QtXml4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00123392 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00184832 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00307200 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00441856 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00093184 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00334336 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00295424 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00435200 _____ () C:\Program Files (x86)\Mobile Partner\USSDUIPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00485376 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00823808 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00771072 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00209408 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00269824 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL
2013-10-15 21:40 - 2013-10-15 21:40 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll
2013-10-15 21:40 - 2013-10-15 21:40 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:71612023
AlternateDataStreams: C:\ProgramData\Temp:A88BE334

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714319823-260000009-872883684-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joschi\Pictures\Adventsiger_Christmassieger__14_-785-800-600-80.jpg
HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Joschi\Pictures\Adventsiger_Christmassieger__14_-785-800-600-80.jpg
HKU\S-1-5-21-3714319823-260000009-872883684-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 193.189.244.206 - 193.189.244.225

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"

==================== Accounts: =============================

Administrator (S-1-5-21-3714319823-260000009-872883684-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3714319823-260000009-872883684-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3714319823-260000009-872883684-1003 - Limited - Enabled)
Joschi (S-1-5-21-3714319823-260000009-872883684-1001 - Administrator - Enabled) => C:\Users\Joschi

==================== Faulty Device Manager Devices =============

Name: USB-Massenspeichergerät
Description: USB-Massenspeichergerät
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Kompatibles USB-Speichergerät
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.

Name: USB-Massenspeichergerät
Description: USB-Massenspeichergerät
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Kompatibles USB-Speichergerät
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2015 08:35:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0xab4
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Name des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3d89a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0025c330
ID des fehlerhaften Prozesses: 0x814
Startzeit der fehlerhaften Anwendung: 0xDark Tales Der schwarze Kater.exe0
Pfad der fehlerhaften Anwendung: Dark Tales Der schwarze Kater.exe1
Pfad des fehlerhaften Moduls: Dark Tales Der schwarze Kater.exe2
Berichtskennung: Dark Tales Der schwarze Kater.exe3
Vollständiger Name des fehlerhaften Pakets: Dark Tales Der schwarze Kater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dark Tales Der schwarze Kater.exe5


System errors:
=============
Error: (03/12/2015 08:25:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/12/2015 08:25:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/12/2015 08:25:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (03/12/2015 08:25:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12/‎03/‎2015 um 11:02:12 unerwartet heruntergefahren.

Error: (03/11/2015 08:53:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/11/2015 08:53:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/11/2015 08:53:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (03/11/2015 08:53:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎11/‎03/‎2015 um 16:18:54 unerwartet heruntergefahren.

Error: (03/05/2015 07:40:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (03/05/2015 07:40:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (03/17/2015 08:35:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c330ab401d060d34f6494c4C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exec9d671a0-ccdc-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8fd2e14b-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8fc49308-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8fbb0972-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8facbb2b-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8fa331b0-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8f9745b6-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8f8b59ca-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8f7d0b7e-ccc6-11e4-811a-001e101f28b2

Error: (03/17/2015 05:56:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4Dark Tales Der schwarze Kater.exe0.0.0.04d3d89a4c00000050025c33081401d060d34f839312C:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exeC:\Program Files (x86)\Dark Tales - Der schwarze Kater von Edgar Allan Poe\Dark Tales Der schwarze Kater.exe8f7381fa-ccc6-11e4-811a-001e101f28b2


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 3979.81 MB
Available physical RAM: 2622.8 MB
Total Pagefile: 4683.81 MB
Available Pagefile: 2676.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:134.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.38 GB) (Free:219.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 944CB54D)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber · 18.03.2015, 11:50

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

awesomehp Browser newtab extension (HKLM-x32\...\awesomehp Browser newtab extension) (Version: - awesomehp) <==== ATTENTION

VO Package
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

vb1887 · 18.03.2015, 12:53

Habe den Revo Uninstaller runtergeladen, der findet aber dieses Programm nicht

awesomehp Browser newtab extension (HKLM-x32\...\awesomehp Browser newtab extension) (Version: - awesomehp) <==== ATTENTION

Das andere schon und ist deinstalliert

schrauber · 18.03.2015, 17:43

Versuch es normal über Windows zu deinstallieren, egal ob es klappt oder nicht direkt weiter mit den 3 Tools

vb1887 · 18.03.2015, 23:31

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.03.2015
Suchlauf-Zeit: 22:00:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Joschi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353209
Verstrichene Zeit: 24 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\awesomehp Browser newtab extension, In Quarantäne, [7393c37b1d5ff83e7c52fc766d968b75], 
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, In Quarantäne, [16f052ecde9e85b1c929234fbd46a25e], 
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\Feven Pro, In Quarantäne, [51b5023ce19beb4b8cf39cd437cc4fb1], 
PUP.Optional.Feven.A, HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro, Löschen bei Neustart, [9d69ec5278049a9c0875b2be08fb36ca], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, Löschen bei Neustart, [709682bcf28a1e18e37ffd438083be42], 

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-3714319823-260000009-872883684-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, Löschen bei Neustart, [5fa7df5f443869cd43727430ab5929d7]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[699d69d52557eb4b71a21a35ce37f907]

Ordner: 1
PUP.Optional.Awesomehp.A, C:\Users\Joschi\AppData\Roaming\awesomehp, In Quarantäne, [7393c37b1d5ff83e7c52fc766d968b75], 

Dateien: 9
PUP.Optional.SkyTech.A, C:\Users\Joschi\AppData\Roaming\awesomehp\QQBrowserFrame.dll, In Quarantäne, [9175390592ea162057f83ef42fd1fc04], 
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, In Quarantäne, [53b368d6c2baa096fe70e3d437ca0ef2], 
PUP.Optional.VOPackage.A, C:\Users\Joschi\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [8581d668275513236f9dc98abf4157a9], 
PUP.Optional.DomalQ, C:\Users\Joschi\Downloads\Java.exe, In Quarantäne, [d432ba84e795ef470df940cb47beaa56], 
PUP.Optional.BundleInstaller.A, C:\Users\Joschi\Downloads\setup.exe, In Quarantäne, [c640ef4f0b713bfbffad8dd257aa11ef], 
PUP.Optional.Awesomehp.A, C:\Users\Joschi\AppData\Roaming\awesomehp\54.json, In Quarantäne, [7393c37b1d5ff83e7c52fc766d968b75], 
PUP.Optional.Awesomehp.A, C:\Users\Joschi\AppData\Roaming\awesomehp\awesomehp.exe, In Quarantäne, [7393c37b1d5ff83e7c52fc766d968b75], 
PUP.Optional.Awesomehp.A, C:\Users\Joschi\AppData\Roaming\awesomehp\DataBase, In Quarantäne, [7393c37b1d5ff83e7c52fc766d968b75], 
PUP.Optional.Awesomehp.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\awesomehp.xml, In Quarantäne, [4bbb16281963e155953ae78be122847c], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 18.03.2015 21:59:44, SYSTEM, POU, Protection, Malware Protection, Starting, 
Protection, 18.03.2015 21:59:44, SYSTEM, POU, Protection, Malware Protection, Started, 
Protection, 18.03.2015 21:59:44, SYSTEM, POU, Protection, Malicious Website Protection, Starting, 
Protection, 18.03.2015 21:59:44, SYSTEM, POU, Protection, Malicious Website Protection, Started, 
Update, 18.03.2015 22:00:34, SYSTEM, POU, Manual, Remediation Database, 2013.10.16.1, 2015.3.9.1, 
Error, 18.03.2015 22:02:38, SYSTEM, POU, Manual, 0, 
Update, 18.03.2015 22:02:38, SYSTEM, POU, Manual, Rootkit Database, Failed, Unable to access update server, 2014.11.18.1, 2015.2.25.1, 
Scan, 18.03.2015 22:29:17, SYSTEM, POU, Manual, Start: % 1 "% 2", Dauer: % 1 min 24 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 17-Malwareerkennung, 
Error, 18.03.2015 22:29:32, SYSTEM, POU, Manual, 0, 
Error, 18.03.2015 22:29:32, SYSTEM, POU, Manual, 0, 
Protection, 18.03.2015 22:32:38, SYSTEM, POU, Protection, Malware Protection, Starting, 
Protection, 18.03.2015 22:32:39, SYSTEM, POU, Protection, Malware Protection, Started, 
Protection, 18.03.2015 22:32:39, SYSTEM, POU, Protection, Malicious Website Protection, Starting, 
Protection, 18.03.2015 22:34:03, SYSTEM, POU, Protection, Malicious Website Protection, Started, 
Update, 18.03.2015 22:42:41, SYSTEM, POU, Scheduler, Rootkit Database, 2014.11.18.1, 2015.2.25.1, 

(end)

Code:

ATTFilter

# AdwCleaner v3.019 - Bericht erstellt am 18/03/2015 um 23:11:29
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Joschi - POU
# Gestartet von : C:\Users\Joschi\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v36.0.1 (x86 de)

[ Datei : C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13771 octets] - [18/02/2014 00:43:26]
AdwCleaner[R1].txt - [904 octets] - [18/03/2015 22:56:51]
AdwCleaner[R2].txt - [963 octets] - [18/03/2015 23:10:49]
AdwCleaner[S0].txt - [11324 octets] - [18/02/2014 00:44:06]
AdwCleaner[S1].txt - [885 octets] - [18/03/2015 23:11:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [944 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 8 x64
Ran by Joschi on 18.03.2015 at 23:23:17,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util whilokii
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWhilokii_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateWhilokii_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Joschi\AppData\Roaming\mozilla\firefox\profiles\t6ma2sc2.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
Emptied folder: C:\Users\Joschi\AppData\Roaming\mozilla\firefox\profiles\t6ma2sc2.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2015 at 23:26:44,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Joschi (administrator) on POU on 18-03-2015 23:58:20
Running from C:\Users\Joschi\Downloads
Loaded Profiles: Joschi (Available profiles: Joschi & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Joschi\Downloads\FRST64(3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa1282-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa12cd-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {f83a432c-35dc-11e3-8035-001e101fb2d1} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [898048 2012-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3714319823-260000009-872883684-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3714319823-260000009-872883684-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-09-11] (ASUSTeK Computer Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\..\Interfaces\{3C2D7332-A7C1-4F97-8147-E75AFF9BA2B1}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default
FF NewTab: chrome://lightning/content/newtab.html
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3714319823-260000009-872883684-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joschi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: ep - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-21] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-10-15] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2015-01-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2015-01-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 23:26 - 2015-03-18 23:26 - 00002136 _____ () C:\Users\Joschi\Desktop\JRT.txt
2015-03-18 23:18 - 2015-03-18 23:22 - 01388672 _____ (Thisisu) C:\Users\Joschi\Downloads\JRT(3).exe
2015-03-18 23:02 - 2015-03-18 23:07 - 02171392 _____ () C:\Users\Joschi\Downloads\AdwCleaner_4.112(1).exe
2015-03-18 22:45 - 2015-03-18 22:45 - 00003682 _____ () C:\mbam.txt
2015-03-18 22:45 - 2015-03-18 22:45 - 00001488 _____ () C:\mbam.txt2.txt
2015-03-18 21:59 - 2015-03-18 21:59 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-18 21:59 - 2015-03-18 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-18 21:59 - 2015-03-18 21:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-18 21:59 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 21:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 15:44 - 2015-03-18 21:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Joschi\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-18 12:46 - 2015-03-18 12:46 - 00001266 _____ () C:\Users\Joschi\Desktop\Revo Uninstaller.lnk
2015-03-18 12:46 - 2015-03-18 12:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-18 12:39 - 2015-03-18 12:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Joschi\Downloads\revosetup95(1).exe
2015-03-18 12:26 - 2015-03-18 12:36 - 02304936 _____ (VS Revo Group Ltd.) C:\Users\Joschi\Downloads\revosetup95.exe
2015-03-17 21:26 - 2015-03-17 21:26 - 00002080 _____ () C:\Users\Public\Desktop\Zoo Tycoon.lnk
2015-03-17 21:26 - 2015-03-17 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-03-17 21:22 - 2015-03-17 21:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-03-17 17:01 - 2015-03-17 17:01 - 00002390 _____ () C:\Users\Public\Desktop\Spiel Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe.lnk
2015-03-17 17:00 - 2015-03-17 17:01 - 00000000 ____D () C:\Program Files (x86)\Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe
2015-03-17 17:00 - 2015-03-17 17:00 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe
2015-03-17 17:00 - 2015-03-17 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe
2015-03-17 11:23 - 2015-03-17 11:29 - 02095616 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(3).exe
2015-03-17 11:19 - 2015-03-17 11:22 - 01135104 _____ (Farbar) C:\Users\Joschi\Downloads\FRST(1).exe
2015-03-16 23:06 - 2015-03-18 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-16 22:41 - 2015-03-16 23:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Joschi\Downloads\mbar-1.09.1.1004.exe
2015-03-06 13:53 - 2015-03-06 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 11:03 - 2015-03-06 11:03 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-01 11:02 - 2015-03-01 11:02 - 01055936 _____ (Adobe) C:\Users\Joschi\Downloads\install_flashplayer16x32_ltr5x64d_awc_aih(1).exe
2015-03-01 10:47 - 2015-03-01 10:47 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2015-03-01 10:35 - 2015-03-01 10:35 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\TuneUp Software
2015-03-01 10:33 - 2015-03-01 10:44 - 00000000 __SHD () C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2015-03-01 10:33 - 2015-03-01 10:35 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-03-01 10:31 - 2015-03-01 10:33 - 28181408 _____ (TuneUp Software) C:\Users\Joschi\Downloads\TuneUpUtilities2013_de-DE.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 23:58 - 2014-02-17 22:02 - 00015092 _____ () C:\Users\Joschi\Downloads\FRST.txt
2015-03-18 23:58 - 2014-02-17 22:02 - 00000000 ____D () C:\FRST
2015-03-18 23:49 - 2013-02-19 09:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 23:20 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-03-18 23:20 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-03-18 23:20 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 23:15 - 2013-02-18 10:03 - 00000401 _____ () C:\Users\Joschi\AppData\Roaming\sp_data.sys
2015-03-18 23:14 - 2014-02-17 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 23:13 - 2012-08-02 14:24 - 00043978 _____ () C:\Windows\PFRO.log
2015-03-18 23:13 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 23:12 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-18 23:11 - 2014-02-18 00:43 - 00000000 ____D () C:\AdwCleaner
2015-03-18 23:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-18 21:59 - 2014-02-17 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 21:00 - 2012-10-23 23:25 - 00000000 ____D () C:\ProgramData\Temp
2015-03-18 10:38 - 2013-02-18 10:08 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3714319823-260000009-872883684-1001
2015-03-17 20:42 - 2014-02-17 22:03 - 00039035 _____ () C:\Users\Joschi\Downloads\Addition.txt
2015-03-17 17:02 - 2014-05-13 20:36 - 00000000 ____D () C:\BigFishGamesCache
2015-03-17 17:00 - 2014-05-13 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-17 10:04 - 2013-03-23 17:06 - 00000000 ____D () C:\Zylom Games
2015-03-17 10:04 - 2013-03-23 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2015-03-17 10:04 - 2013-03-23 17:06 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2015-03-17 10:03 - 2014-02-11 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-03-17 10:03 - 2014-02-11 21:19 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2015-03-17 10:00 - 2014-02-01 20:23 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\cerasus.media
2015-03-17 10:00 - 2014-02-01 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\play+smile
2015-03-17 10:00 - 2014-02-01 20:11 - 00000000 ____D () C:\Program Files (x86)\play+smile
2015-03-16 23:30 - 2014-02-17 23:00 - 00000000 ____D () C:\Users\Joschi\Desktop\mbar
2015-03-11 20:52 - 2013-02-19 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-10 22:03 - 2012-10-23 23:28 - 01869237 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 15:01 - 2015-01-26 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-06 11:03 - 2015-01-21 17:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 11:03 - 2013-02-23 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-06 11:03 - 2013-02-23 14:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-01 11:04 - 2013-02-25 10:34 - 00000000 ____D () C:\Users\Joschi\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-02-18 10:03 - 2015-03-18 23:15 - 0000401 _____ () C:\Users\Joschi\AppData\Roaming\sp_data.sys
2014-02-17 11:14 - 2014-02-17 11:14 - 0825216 _____ (AnyProtect.com) C:\Users\Joschi\AppData\Local\nseD7D0.tmp
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Joschi\AppData\Local\Temp\avgnt.exe
C:\Users\Joschi\AppData\Local\Temp\bfggun.exe
C:\Users\Joschi\AppData\Local\Temp\EBU1DC1.exe
C:\Users\Joschi\AppData\Local\Temp\EBU22D2.DLL
C:\Users\Joschi\AppData\Local\Temp\install_flashplayer16x32_ltr5x64d_awc_aih(2).exe
C:\Users\Joschi\AppData\Local\Temp\Quarantine.exe
C:\Users\Joschi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 10:38

==================== End Of Log ============================

--- --- ---

schrauber · 19.03.2015, 12:58

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

vb1887 · 21.03.2015, 21:36

Der Eset Online Scanner lädt immer nur bis 98% dann kommt Updates können nicht geladen werden .

Jetzt zeigt er immer bei 98% an ob ein Proxy eingerichtet ist!?

schrauber · 22.03.2015, 10:41

ESET weg lassen, dafür das hier:

Lade Dir bitte von hier

Emsisoft Emergency Kit herunter.

Bitte installiere das Programm in den vorgegebenen Pfad.
Starte das Programm durch Doppelklick der Desktopverknüpfung.
Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.

17.03.2015, 18:51	#4
schrauber /// the machine /// TB-Ausbilder	Browser sehr lansam FRST öffnen, Haken setzen bei Addition und scannen, poste bitte nur die Addition.txt. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

18.03.2015, 17:43	#8
schrauber /// the machine /// TB-Ausbilder	Browser sehr lansam Versuch es normal über Windows zu deinstallieren, egal ob es klappt oder nicht direkt weiter mit den 3 Tools __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Browser sehr lansam

Plagegeister aller Art und deren Bekämpfung: Browser sehr lansam