Bluescreen BCCode: 124 in hal.dll

Cpt_Chandler · 30.04.2015, 15:40

Hei,

ich habe jetzt seit öfteren immer wieder Bluescreens. Ich habe hierzu auch eine Meldung. Ich habe kein Plan mehr was ich machen soll.

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 124
BCP1: 0000000000000000
BCP2: FFFFFA80047C5038
BCP3: 00000000B6000000
BCP4: 0000000000010015
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\043015-29374-01.dmp
C:\Users\Dominics\AppData\Local\Temp\WER-79763-0.sysdata.xml

schrauber · 30.04.2015, 16:33

hi,

Lade Dir bitte Bluescreenview und installiere es:
BlueScreenView - Download - Filepony

Öffnen und den aktuellsten Dump analysieren lassen (macht das Tool automatisch).
Output hier posten.

Cpt_Chandler · 30.04.2015, 17:35

Hei,

also ich weiß nicht ob dass das richtige ist. Eventuell brauche ich nochmal Hilfe.

==================================================
Dump File : 041715-32947-01.dmp
Crash Time : 17.04.2015 21:25:24
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`04797038
Parameter 3 : 00000000`b6000000
Parameter 4 : 00000000`00010015
Caused By Driver : hal.dll
Caused By Address : hal.dll+12a3b
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+74ec0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\MiniDump\041715-32947-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 275.568
Dump File Time : 17.04.2015 21:26:31
==================================================

schrauber · 01.05.2015, 15:29

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Cpt_Chandler · 01.05.2015, 15:44

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Dominics (administrator) on DOMINICS-PC on 01-05-2015 16:35:44
Running from C:\Users\Dominics\Downloads\vanessa
Loaded Profiles: Dominics & Chandler (Available profiles: Dominics & Chandler)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKU\S-1-5-21-641145502-1558174140-1403310610-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-641145502-1558174140-1403310610-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-641145502-1558174140-1403310610-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-641145502-1558174140-1403310610-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
SearchScopes: HKLM -> DefaultScope {B27D2AB3-F26C-444C-9AA2-99ECA1A7F776} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {B27D2AB3-F26C-444C-9AA2-99ECA1A7F776} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-641145502-1558174140-1403310610-1000 -> DefaultScope {B27D2AB3-F26C-444C-9AA2-99ECA1A7F776} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-641145502-1558174140-1403310610-1000 -> {B27D2AB3-F26C-444C-9AA2-99ECA1A7F776} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dominics\AppData\Roaming\Mozilla\Firefox\Profiles\WEwusPSU.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-641145502-1558174140-1403310610-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominics\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Dominics\AppData\Roaming\Mozilla\Firefox\Profiles\WEwusPSU.default\Extensions\abs@avira.com [2015-02-07]
FF Extension: Amazon-Icon - C:\Users\Dominics\AppData\Roaming\Mozilla\Firefox\Profiles\WEwusPSU.default\Extensions\amazon-icon@giga.de [2015-02-13]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2015-04-07]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-29]
CHR Extension: (pikachu theme) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdbigfofckhdmnfjapophoghiallgop [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-29]
CHR Extension: (Google Drive) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-29]
CHR Extension: (OkayFreedom) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-01-29]
CHR Extension: (YouTube) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-29]
CHR Extension: (Google Search) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-29]
CHR Extension: (Google Sheets) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-07]
CHR Extension: (BetaFish Adblocker) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Video Downloader) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpgleggfcndpeflbjhpjfckfmojnpo [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR Extension: (Gmail) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [96544 2015-04-19] (<Turtle Entertainment>)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-30 18:34 - 2015-04-30 18:34 - 00000000 ____D () C:\Users\Dominics\Desktop\Blue
2015-04-30 17:41 - 2015-04-30 17:41 - 00001816 _____ () C:\Users\Dominics\Desktop\bluescreen.txt
2015-04-30 16:33 - 2015-04-30 16:34 - 00275680 _____ () C:\Windows\Minidump\043015-29374-01.dmp
2015-04-30 13:28 - 2015-04-30 13:45 - 00000000 ____D () C:\Users\Dominics\Documents\WhatsApp
2015-04-30 13:24 - 2015-04-30 13:58 - 00000000 ____D () C:\Users\Dominics\Desktop\Pokedes
2015-04-29 18:39 - 2015-04-29 18:39 - 00000778 _____ () C:\Users\Public\Desktop\World of Tanks 0.9.7.lnk
2015-04-29 18:39 - 2015-04-29 18:39 - 00000773 _____ () C:\Users\Public\Desktop\World of Tanks Launcher 0.9.7.lnk
2015-04-26 20:08 - 2015-04-26 20:08 - 00275568 _____ () C:\Windows\Minidump\042615-28766-01.dmp
2015-04-24 21:31 - 2015-04-24 21:31 - 00022929 _____ () C:\Users\Dominics\Desktop\ts3.m3u
2015-04-20 22:09 - 2015-05-01 16:35 - 00000000 ____D () C:\Users\Dominics\Downloads\vanessa
2015-04-19 20:51 - 2015-04-19 20:51 - 00275568 _____ () C:\Windows\Minidump\041915-28797-01.dmp
2015-04-19 18:58 - 2015-04-19 18:58 - 00275680 _____ () C:\Windows\Minidump\041915-29530-01.dmp
2015-04-19 17:00 - 2015-04-19 17:00 - 00275680 _____ () C:\Windows\Minidump\041915-31122-01.dmp
2015-04-17 21:26 - 2015-04-17 21:26 - 00275568 _____ () C:\Windows\Minidump\041715-32947-01.dmp
2015-04-17 21:24 - 2015-04-17 21:24 - 18092878 _____ () C:\Users\Dominics\Downloads\X-Men_Magneto_Cat.mp4
2015-04-17 21:23 - 2015-04-17 21:24 - 10807408 _____ () C:\Users\Dominics\Downloads\Wolverine_Cat_Troll_Hunter.mp4
2015-04-17 21:23 - 2015-04-17 21:23 - 13117704 _____ () C:\Users\Dominics\Downloads\X-Men_Origins_Wolverine_Cat.mp4
2015-04-17 21:22 - 2015-04-17 21:23 - 11008936 _____ () C:\Users\Dominics\Downloads\X-Men_Origins_Cyclops_Cat.mp4
2015-04-17 21:21 - 2015-04-17 21:21 - 09167730 _____ () C:\Users\Dominics\Downloads\Hand_of_God_No_More_Gangnam_Style_Episode_3.mp4
2015-04-17 21:19 - 2015-04-17 21:22 - 17357902 _____ () C:\Users\Dominics\Downloads\Hand_of_God_Pull_My_Finger_Episode_2.mp4
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Vorlagen
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Startmenü
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Netzwerkumgebung
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Lokale Einstellungen
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Eigene Dateien
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Druckumgebung
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Documents\Eigene Musik
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Documents\Eigene Bilder
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\AppData\Local\Verlauf
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\AppData\Local\Anwendungsdaten
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Anwendungsdaten
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler\AppData\Roaming\CyberLink
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler\AppData\Local\VirtualStore
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler\AppData\Local\PowerCinema
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler
2015-04-15 21:07 - 2011-04-14 09:40 - 00059968 _____ () C:\Users\Chandler\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 21:07 - 2011-04-14 09:35 - 00000000 ____D () C:\Users\Chandler\AppData\Roaming\Macromedia
2015-04-15 21:07 - 2011-04-14 09:35 - 00000000 ____D () C:\Users\Chandler\AppData\Roaming\Adobe
2015-04-15 21:07 - 2011-04-14 09:35 - 00000000 ____D () C:\Users\Chandler\AppData\Local\Adobe
2015-04-15 21:07 - 2011-04-14 09:31 - 00000000 ____D () C:\Users\Chandler\AppData\Local\Downloaded Installations
2015-04-15 21:07 - 2011-04-14 09:01 - 00000000 ____D () C:\Users\Chandler\AppData\Local\Windows Live
2015-04-15 21:07 - 2010-11-21 04:51 - 00001449 _____ () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 21:07 - 2010-11-21 04:51 - 00001415 _____ () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-15 21:07 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\Chandler\ntuser.ini
2015-04-15 21:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-15 21:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-14 23:41 - 2015-04-14 23:41 - 00000000 ____D () C:\Users\Dominics\Desktop\handy
2015-04-14 23:22 - 2015-04-14 23:23 - 00031828 _____ () C:\Windows\DPINST.LOG
2015-04-11 11:28 - 2015-04-11 11:50 - 00000003 _____ () C:\Users\Dominics\Documents\asd.txt
2015-04-10 14:51 - 2015-04-10 15:06 - 00000000 ____D () C:\Users\Dominics\Documents\Neuer Ordner
2015-04-10 13:17 - 2015-04-10 13:37 - 00000000 ____D () C:\Users\Dominics\Documents\Handy
2015-04-09 19:17 - 2015-04-09 19:17 - 30544295 _____ () C:\Users\Dominics\Downloads\Hill_Climb_Racing_v1.22.0_MOD_(www.ApkHouse.com).apk
2015-04-09 19:05 - 2015-04-09 19:05 - 31154570 _____ () C:\Users\Dominics\Downloads\Hill Climb Racing v1.21.2 [MOD] by OnHAX.apk
2015-04-09 14:08 - 2015-04-09 14:08 - 01349159 _____ () C:\Users\Dominics\Desktop\ddd.m3u
2015-04-09 11:50 - 2015-04-09 11:50 - 00001606 _____ () C:\Users\Dominics\Desktop\mp 3 - Verknüpfung.lnk
2015-04-08 18:53 - 2015-04-08 18:53 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Steam
2015-04-08 18:49 - 2015-05-01 15:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-08 18:49 - 2015-04-08 18:49 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-08 18:49 - 2015-04-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-08 18:48 - 2015-04-08 18:48 - 01142128 _____ () C:\Users\Dominics\Downloads\SteamSetup.exe
2015-04-08 16:40 - 2015-04-08 16:40 - 02953096 _____ (ESET) C:\Windows\SysWOW64\%InstallDir%speclean.exe
2015-04-07 23:32 - 2015-04-25 13:28 - 00000000 ____D () C:\Users\Dominics\AppData\Local\CrashDumps
2015-04-07 23:32 - 2015-04-07 23:32 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\ESET
2015-04-07 23:32 - 2015-04-07 23:32 - 00000000 ____D () C:\Users\Dominics\AppData\Local\ESET
2015-04-07 23:28 - 2015-04-07 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-04-07 23:28 - 2015-04-07 23:28 - 00000000 ____D () C:\ProgramData\ESET
2015-04-07 23:28 - 2015-04-07 23:28 - 00000000 ____D () C:\Program Files\ESET
2015-04-07 23:10 - 2015-04-08 11:27 - 00169898 _____ () C:\Windows\PFRO.log
2015-04-07 19:46 - 2015-04-27 16:29 - 00001742 _____ () C:\Users\Public\Desktop\OMC ModPack entfernen 0.9.6.lnk
2015-04-07 19:39 - 2015-04-30 17:30 - 00001131 _____ () C:\Users\Public\Desktop\OMC ModPack Aktualisierung- Rekonfiguration.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 16:35 - 2015-01-29 20:39 - 00000000 ____D () C:\FRST
2015-05-01 16:13 - 2015-01-29 15:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 15:38 - 2015-01-29 20:15 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\TS3Client
2015-05-01 15:04 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 15:04 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 14:59 - 2015-01-29 00:27 - 01536212 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 14:57 - 2015-02-13 18:39 - 00000000 ____D () C:\Users\Dominics\AppData\Local\HTC MediaHub
2015-05-01 14:56 - 2015-03-22 13:40 - 00019000 _____ () C:\Windows\setupact.log
2015-05-01 14:56 - 2015-01-29 15:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 14:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 19:34 - 2015-03-01 14:53 - 00000000 ____D () C:\Users\Dominics\AppData\Local\ESL Wire Game Client
2015-04-30 19:06 - 2015-03-01 15:04 - 00000000 ____D () C:\Users\Dominics\Documents\ESL Match Media
2015-04-30 16:33 - 2015-03-24 00:12 - 529130855 _____ () C:\Windows\MEMORY.DMP
2015-04-30 16:33 - 2015-02-07 03:03 - 00000000 ____D () C:\Windows\Minidump
2015-04-30 15:19 - 2015-01-29 09:18 - 00699420 _____ () C:\Windows\system32\perfh007.dat
2015-04-30 15:19 - 2015-01-29 09:18 - 00149270 _____ () C:\Windows\system32\perfc007.dat
2015-04-30 15:19 - 2009-07-14 07:13 - 01619896 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-30 14:00 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Windows Live
2015-04-27 16:23 - 2015-02-06 19:39 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack Client
2015-04-27 16:23 - 2015-02-06 19:39 - 00000000 ____D () C:\Program Files (x86)\OMC ModPack Client
2015-04-25 13:28 - 2015-01-31 12:34 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\vlc
2015-04-23 17:37 - 2015-02-13 17:42 - 00000000 ___RD () C:\Users\Dominics\Desktop\Neuer Ordner
2015-04-22 00:03 - 2015-02-08 15:17 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\SoftGrid Client
2015-04-21 12:24 - 2011-04-14 09:00 - 00000000 ____D () C:\Program Files\Acer
2015-04-21 12:23 - 2011-04-14 08:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-04-19 20:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-19 14:12 - 2015-03-01 15:04 - 00096544 _____ (<Turtle Entertainment>) C:\Windows\system32\Drivers\ESLWireACD.sys
2015-04-14 23:22 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Downloaded Installations
2015-04-13 21:01 - 2015-01-29 00:42 - 00062792 _____ () C:\Users\Dominics\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 19:09 - 2009-07-14 06:45 - 00277072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 11:27 - 2015-02-07 12:58 - 00000000 ____D () C:\ProgramData\Avira
2015-04-08 11:27 - 2015-02-07 12:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 23:35 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Adobe
2015-04-07 23:34 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2015-01-29 01:22 - 2015-01-29 01:31 - 0015134 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-14 08:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Dominics\AppData\Local\Temp\avgnt.exe
C:\Users\Dominics\AppData\Local\Temp\InstHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 10:41

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Dominics at 2015-05-01 16:37:25
Running from C:\Users\Dominics\Downloads\vanessa
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-641145502-1558174140-1403310610-500 - Administrator - Disabled)
Chandler (S-1-5-21-641145502-1558174140-1403310610-1001 - Limited - Enabled) => C:\Users\Chandler
Dominics (S-1-5-21-641145502-1558174140-1403310610-1000 - Administrator - Enabled) => C:\Users\Dominics
Gast (S-1-5-21-641145502-1558174140-1403310610-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1912 Titanic Mystery (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117897550}) (Version:  - Oberon Media)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{C97623E2-0614-4845-B199-8E8BEC8E131C}_is1) (Version: 6.1.0.40497 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4292776A-4F23-E108-83B2-2C27398E8BCF}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}) (Version:  - Oberon Media)
Belles Beauty Boutique (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112623650}) (Version:  - Oberon Media)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
ccc-core-static (x32 Version: 2011.0111.1350.24756 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DriverToolkit version 8.4.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.4.0.0 - Megaify Software)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{C8F03593-6742-40F4-89E2-EBE0A2D8F719}) (Version: 7.0.400.1 - ESET, spol s r. o.)
ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Farm Frenzy 3 Ice Age (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118399487}) (Version:  - Oberon Media)
Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version:  - Oberon Media)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.44.5 - HTC)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.4.2000 - Maxthon International Limited)
MediaEspresso (x32 Version: 1.0.1418_35759 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
OMC ModPack Client Version 1.2.6.2 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.2.6.2 - Odem Mortis)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Spotify (HKU\S-1-5-21-641145502-1558174140-1403310610-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Sprill and Ritchie (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117932650}) (Version:  - Oberon Media)
Startfenster (HKLM\...\Startfenster) (Version:  - Startfenster)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-641145502-1558174140-1403310610-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version:  - Oberon Media)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version:  - Wargaming.net)
World of Tanks (HKU\S-1-5-21-641145502-1558174140-1403310610-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Tanks (HKU\S-1-5-21-641145502-1558174140-1403310610-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-04-2015 12:22:47 Installiert Acer Updater

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-01-29 17:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1305F603-C71F-4E04-89BF-4A2321582787} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {283F76BE-FBB5-4C81-B4DF-3F951EC1D5AE} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {2951F63D-77EE-480E-A417-64B116D25FA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29] (Google Inc.)
Task: {36DC30DB-7555-4B43-AB50-2C91A3A9A3B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29] (Google Inc.)
Task: {84E7FA3D-3E9E-431F-AC5E-F8A03506F7AC} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {A997FE55-4478-411A-8EB4-6186FC08AF03} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-02-11] (Maxthon International ltd.)
Task: {C160B9AB-D192-4110-A50B-AD6CC265A124} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {CDC245DD-CB8C-4327-BDAF-2ED58010F4FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-01 14:54 - 2014-01-28 12:40 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2015-03-01 14:54 - 2014-10-09 16:22 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-18 16:27 - 2014-12-18 16:27 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2015-01-31 00:34 - 2015-01-31 00:34 - 00486912 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\soundboard.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-12-18 16:25 - 2014-12-18 16:25 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 16:29 - 2014-12-18 16:29 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 16:31 - 2014-12-18 16:31 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-02-15 20:37 - 2011-02-15 20:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 20:36 - 2011-02-15 20:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 20:37 - 2011-02-15 20:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-02-22 11:01 - 2011-02-22 11:01 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-04-08 18:52 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-08 18:52 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-08 18:52 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-08 18:52 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-08 18:52 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-08 18:52 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-08 18:52 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-08 18:52 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-08 18:52 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-08 18:52 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-08 18:52 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-04-08 18:52 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-08 18:52 - 2015-02-25 03:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-04-30 18:17 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 18:17 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Dominics\Downloads\Bewerbung B1 Praktika.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-641145502-1558174140-1403310610-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dominics\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: ESL Wire => "C:\Program Files\EslWire\wire.exe" --tray
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: OOTag => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Dominics\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{6D2020AC-5BED-415D-B0AA-1ECCB5BCB6BE}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B8302282-3E6D-4ECA-8DAA-D9FD36D4BC0A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{62E26B0A-F986-47F6-9D65-DA0D9E19D5A2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D7C9E669-A227-4DFF-8868-2337A5BEC533}] => (Allow) LPort=2869
FirewallRules: [{A63DAD00-2489-4A31-AE09-C2EF9FE94470}] => (Allow) LPort=1900
FirewallRules: [{DAFF7517-040F-4AF2-B1F2-22A3366B3D4B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{ABE80859-2614-49F2-BCBF-B7113CB58143}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{57CCE6DE-1954-4ACE-AF2F-848F2B698371}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{07B93D62-008C-4C5D-81E1-9EBF121BED17}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D18E85A1-593B-4C63-A6C1-2EF9F3F93BEF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{ADF34EB9-0663-44D2-B940-A9F222FD864B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{A7D3F8D3-7B3A-4A8D-A499-4A5A32F59A6E}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{63802747-DD12-4443-9920-AFC789CCA662}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{682C512F-835C-473C-8959-AA431A7530D2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{EE1EBBF5-F648-468C-81FE-D4528F3D5148}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{B5BD6262-FB2F-4B2B-9B6C-1B23D5BCD013}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{E8EE6FF9-B19F-45D8-99F6-29684ACF0E84}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{94047FD7-CEF3-43E0-B7D1-98B30112C1A8}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{012650AF-E320-48BA-9B46-113DE8B259A9}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{1787970F-57AF-4C9F-ADFA-5F0BBCE300EA}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{51EE4140-8878-4EF2-B8B1-D6C562A83E9D}C:\games\world_of_tanks_na\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_na\wotlauncher.exe
FirewallRules: [UDP Query User{4800C998-D8ED-44A8-8CB5-F78CB115F641}C:\games\world_of_tanks_na\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_na\wotlauncher.exe
FirewallRules: [TCP Query User{29332D97-819A-41E7-A1C5-474251CAB670}C:\games\world_of_tanks_na\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\worldoftanks.exe
FirewallRules: [UDP Query User{A851F734-344C-432D-A1F4-3715B6A0C7E7}C:\games\world_of_tanks_na\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\worldoftanks.exe
FirewallRules: [{D7D82129-98CD-424A-B3C7-8DE3A74601A4}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{82EC3B96-0180-43D6-9ADD-6446ABA2A07A}C:\games\world_of_tanks_cts\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_cts\wotlauncher.exe
FirewallRules: [UDP Query User{B3919E53-AE57-430C-8D77-84B4B32000A2}C:\games\world_of_tanks_cts\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_cts\wotlauncher.exe
FirewallRules: [TCP Query User{EDFF8432-29F2-423D-84E8-E1CEF98C6CA2}C:\games\world_of_tanks_cts\worldoftanks.exe] => (Block) C:\games\world_of_tanks_cts\worldoftanks.exe
FirewallRules: [UDP Query User{FF6CEC2F-4EB9-48FB-8B84-CE7D0B7A7EA6}C:\games\world_of_tanks_cts\worldoftanks.exe] => (Block) C:\games\world_of_tanks_cts\worldoftanks.exe
FirewallRules: [TCP Query User{FB5FDB06-A674-4C5C-8E28-86124BCF6172}E:\games\world_of_tanks\wotlauncher.exe] => (Allow) E:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{DC8951E3-CE42-42CD-86F1-ACEB4D2BDB27}E:\games\world_of_tanks\wotlauncher.exe] => (Allow) E:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{ADC934CA-942E-4E6B-88DD-535B5FD3295A}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{2471E6E4-BF70-4B78-9D08-BE878559B88A}] => (Allow) C:\Program Files\EslWire\wire.exe
FirewallRules: [{0F22FC4B-EFD2-48EE-927E-CD270F6036E6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{4EA4740B-4A19-4584-B7B2-E3F531FED9A5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{64BFD91E-1788-4B80-B86F-048F4B106908}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{4871DB3C-58F9-4DAE-AFD9-DAE490D86299}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [TCP Query User{51487077-83D1-4678-ABED-52F34C2622B8}C:\users\dominics\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dominics\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55F6F7D4-2A17-4A0A-9F09-D50C676E0709}C:\users\dominics\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dominics\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4AD0C21A-57A3-487E-B9B3-C990DAFCC754}C:\users\dominics\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dominics\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5FEDFA8F-2E35-4716-B2DE-B90C9C66407A}C:\users\dominics\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dominics\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E47A6488-161F-45DF-8549-AF46E66155DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F84514F9-3C17-45C8-8D86-4E4809AD0777}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90DB8415-ACC1-421B-B0DB-46E2302C5A64}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{49A1A268-4649-4C62-8C67-4AE2AB1F2ECF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0BE84668-E428-43D9-9D56-7A5075E8EEDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{2745987E-D390-4C15-8C54-47DE74B51374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{D9188923-A95D-4E7E-A190-A888CBF7C512}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B33FDCBF-40ED-47E4-8FD2-90CF6008B319}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe
FirewallRules: [{E4EEB1DE-BBF3-4D09-92C7-773CB082DE67}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2015 02:58:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 10:10:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2015 04:35:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2015 01:10:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2015 06:45:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ts3client_win64.exe, Version 3.0.16.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c14

Startzeit: 01d0829114edc477

Endzeit: 37

Anwendungspfad: C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

Berichts-ID: 156d8d16-ee8f-11e4-9715-b870f47a252e

Error: (04/29/2015 05:27:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 09:12:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/28/2015 08:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 01:08:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/28/2015 01:01:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/01/2015 02:56:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/01/2015 10:08:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/30/2015 04:34:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000124 (0x0000000000000000, 0xfffffa80047c5038, 0x00000000b6000000, 0x0000000000010015)C:\Windows\MEMORY.DMP043015-29374-01

Error: (04/30/2015 04:33:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/30/2015 04:33:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎04.‎2015 um 16:32:40 unerwartet heruntergefahren.

Error: (04/30/2015 01:09:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/29/2015 05:25:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/28/2015 08:44:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/28/2015 01:00:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/27/2015 08:59:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (05/01/2015 02:58:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 10:10:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2015 04:35:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2015 01:10:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2015 06:45:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ts3client_win64.exe3.0.16.0c1401d0829114edc47737C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe156d8d16-ee8f-11e4-9715-b870f47a252e

Error: (04/29/2015 05:27:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 09:12:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dominics\Downloads\esetsmartinstaller_deu.exe

Error: (04/28/2015 08:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 01:08:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe

Error: (04/28/2015 01:01:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-01-29 15:59:03.271
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-29 15:59:03.253
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD E-350 Processor
Percentage of memory in use: 37%
Total physical RAM: 3818.9 MB
Available physical RAM: 2372 MB
Total Pagefile: 7635.99 MB
Available Pagefile: 5888.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:262.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9F43E1C3)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 02.05.2015, 13:54

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Cpt_Chandler · 02.05.2015, 15:18

Code:

ATTFilter

ComboFix 15-04-28.01 - Dominics 02.05.2015  15:06:26.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3819.2373 [GMT 2:00]
ausgeführt von:: c:\users\Dominics\Downloads\vanessa\ComboFix.exe
FW: ESET Personal Firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-02 bis 2015-05-02  ))))))))))))))))))))))))))))))
.
.
2015-05-02 14:12 . 2015-05-02 14:12	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-05-02 14:12 . 2015-05-02 14:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-02 11:39 . 2015-05-02 11:40	--------	d-----w-	c:\program files (x86)\Overwolf
2015-05-02 11:39 . 2015-05-02 11:39	--------	d-----w-	c:\program files (x86)\Common Files\Overwolf
2015-05-02 11:39 . 2015-05-02 11:41	--------	d-----w-	c:\programdata\Overwolf
2015-05-02 11:32 . 2015-05-02 11:43	--------	d-----w-	c:\users\Dominics\AppData\Local\Overwolf
2015-04-15 19:07 . 2015-04-15 19:07	--------	d-----w-	c:\users\Chandler
2015-04-08 16:53 . 2015-04-08 16:53	--------	d-----w-	c:\users\Dominics\AppData\Local\Steam
2015-04-08 16:49 . 2015-04-17 19:28	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2015-04-08 16:49 . 2015-05-01 17:38	--------	d-----w-	c:\program files (x86)\Steam
2015-04-08 14:40 . 2015-04-08 14:40	2953096	----a-w-	c:\windows\SysWow64\%InstallDir%speclean.exe
2015-04-07 21:32 . 2015-04-07 21:32	--------	d-----w-	c:\users\Dominics\AppData\Local\ESET
2015-04-07 21:32 . 2015-04-25 11:28	--------	d-----w-	c:\users\Dominics\AppData\Local\CrashDumps
2015-04-07 21:28 . 2015-04-07 21:28	--------	d-----w-	c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-19 12:12 . 2015-03-01 13:04	96544	----a-w-	c:\windows\system32\drivers\ESLWireACD.sys
2015-03-11 19:38 . 2015-03-11 19:38	0	----a-w-	c:\windows\SysWow64\shoE496.tmp
2015-03-11 17:28 . 2015-02-15 21:11	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-11 04:06 . 2015-03-25 10:17	677888	----a-w-	c:\windows\system32\generaltel.dll
2015-03-11 04:06 . 2015-03-25 10:17	760832	----a-w-	c:\windows\system32\invagent.dll
2015-03-11 04:06 . 2015-03-25 10:17	414720	----a-w-	c:\windows\system32\devinv.dll
2015-03-11 04:06 . 2015-03-25 10:17	943616	----a-w-	c:\windows\system32\appraiser.dll
2015-03-11 04:05 . 2015-03-25 10:17	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-11 04:05 . 2015-03-25 10:17	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-11 04:05 . 2015-03-25 10:17	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-11 04:02 . 2015-03-25 10:17	1107456	----a-w-	c:\windows\system32\aeinv.dll
2015-03-06 05:56 . 2015-03-10 19:08	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:56 . 2015-03-10 19:08	155576	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42 . 2015-03-10 19:08	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-10 19:08	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-10 19:08	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-10 19:08	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-10 19:08	341504	----a-w-	c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-10 19:08	28160	----a-w-	c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-10 19:08	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-10 19:08	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-10 19:08	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-10 19:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-10 19:08	22016	----a-w-	c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-10 19:08	31232	----a-w-	c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-10 19:08	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-10 19:08	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-10 19:08	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-10 19:08	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-10 19:08	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-10 19:08	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-10 19:08	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-10 19:08	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-10 19:08	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-10 19:08	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-10 19:08	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-10 19:08	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-10 19:08	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-10 19:08	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-10 19:08	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-10 19:08	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-10 19:08	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-10 19:08	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 03:15 . 2015-03-10 19:08	389800	----a-w-	c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-10 19:08	25021440	----a-w-	c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-10 19:08	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-10 19:09	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-10 19:09	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-10 19:09	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-10 19:09	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-10 19:09	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-10 19:09	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-10 19:09	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-10 19:09	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-10 19:09	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-10 19:09	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-10 19:08	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-10 19:08	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-10 19:08	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-10 19:08	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-10 19:08	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-10 19:08	2886144	----a-w-	c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-10 19:08	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-10 19:08	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-10 19:08	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-10 19:08	633856	----a-w-	c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-10 19:08	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-10 19:08	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-10 19:08	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-10 19:08	6035456	----a-w-	c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-10 19:08	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-10 19:08	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-10 19:08	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-10 19:08	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-10 19:08	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-10 19:08	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-10 19:08	199680	----a-w-	c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-10 19:08	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-10 19:08	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-10 19:08	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-10 19:08	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-10 19:08	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-10 19:08	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-10 19:08	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-10 19:08	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-10 19:08	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-10 19:08	14398976	----a-w-	c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-10 19:08	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-10 19:08	4300288	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-10 19:08	2358784	----a-w-	c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-10 19:08	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-10 19:08	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-10 19:08	1548288	----a-w-	c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-10 19:08	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-10 19:08	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2015-02-13 05:22 . 2015-03-10 19:09	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-04 03:16 . 2015-03-10 19:08	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-10 19:08	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-10 19:09	693176	----a-w-	c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-10 19:10	5554104	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2015-04-05 40688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-30 16:14	988488	----a-w-	c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 13:00]
.
2015-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 13:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startfenster.de
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Dominics\AppData\Local\Temp\ie_script.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-02  16:17:45
ComboFix-quarantined-files.txt  2015-05-02 14:17
ComboFix2.txt  2015-01-29 15:04
.
Vor Suchlauf: 13 Verzeichnis(se), 281.885.655.040 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 281.851.224.064 Bytes frei
.
- - End Of File - - 0F146AA0D025CF1505A4E74D64DE5FFB
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 03.05.2015, 12:27

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Cpt_Chandler · 06.05.2015, 15:22

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dominics on 06.05.2015 at 15:57:13,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Dominics\appdata\local\{10EBEB62-BE80-4D1F-9CE7-960F79CB0E1E}
Successfully deleted: [Empty Folder] C:\Users\Dominics\appdata\local\{4ED193BE-71CE-4806-8451-A1DA3C9CFB04}
Successfully deleted: [Empty Folder] C:\Users\Dominics\appdata\local\{9B50EE22-B94D-4AEE-9E17-0D61A922D4CF}
Successfully deleted: [Empty Folder] C:\Users\Dominics\appdata\local\{EBB5C2A5-EE74-4875-A133-5A999E43E3CE}





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2015 at 16:04:14,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.05.2015
Suchlauf-Zeit: 14:57:39
Logdatei: lol.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.03.03
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Dominics

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 399650
Verstrichene Zeit: 23 Min, 23 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Error, 05.05.2015 11:50:13, SYSTEM, DOMINICS-PC, Protection, IsLicensed, 13, 
Protection, 05.05.2015 11:50:13, SYSTEM, DOMINICS-PC, Protection, Malware Protection, Stopping, 
Protection, 05.05.2015 11:50:13, SYSTEM, DOMINICS-PC, Protection, Malware Protection, Stopped, 

(end)

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.01.2015
Suchlauf-Zeit: 17:56:38
Logdatei: MBM.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.29.08
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Dominics

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341162
Verstrichene Zeit: 22 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by Dominics (administrator) on DOMINICS-PC on 06-05-2015 16:19:36
Running from C:\Users\Dominics\Downloads\vanessa
Loaded Profiles: Dominics (Available profiles: Dominics & Chandler)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKU\S-1-5-21-641145502-1558174140-1403310610-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40688 2015-04-05] (Overwolf LTD)
HKU\S-1-5-21-641145502-1558174140-1403310610-1000\...\Run: [Benzul Activator] => C:\Program Files (x86)\Benzul\Activator\ascwx.exe [5763072 2014-02-10] ()
HKU\S-1-5-21-641145502-1558174140-1403310610-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-641145502-1558174140-1403310610-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-641145502-1558174140-1403310610-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dominics\AppData\Roaming\Mozilla\Firefox\Profiles\WEwusPSU.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-641145502-1558174140-1403310610-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominics\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Dominics\AppData\Roaming\Mozilla\Firefox\Profiles\WEwusPSU.default\Extensions\abs@avira.com [2015-02-07]
FF Extension: Amazon-Icon - C:\Users\Dominics\AppData\Roaming\Mozilla\Firefox\Profiles\WEwusPSU.default\Extensions\amazon-icon@giga.de [2015-02-13]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2015-04-07]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-29]
CHR Extension: (pikachu theme) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdbigfofckhdmnfjapophoghiallgop [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-29]
CHR Extension: (Google Drive) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-29]
CHR Extension: (OkayFreedom) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-01-29]
CHR Extension: (YouTube) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-29]
CHR Extension: (Google Search) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-29]
CHR Extension: (Google Sheets) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-07]
CHR Extension: (AdBlock) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Video Downloader) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpgleggfcndpeflbjhpjfckfmojnpo [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR Extension: (Gmail) - C:\Users\Dominics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-04-05] (Overwolf LTD)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [96544 2015-04-19] (<Turtle Entertainment>)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 16:14 - 2015-05-06 16:14 - 00001213 _____ () C:\Users\Dominics\Desktop\MBM.txt
2015-05-06 16:04 - 2015-05-06 16:04 - 00001041 _____ () C:\Users\Dominics\Desktop\JRT.txt
2015-05-06 15:57 - 2015-05-06 15:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DOMINICS-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-06 15:57 - 2015-05-06 15:57 - 00000000 ____D () C:\RegBackup
2015-05-06 15:45 - 2015-05-06 15:46 - 00001213 _____ () C:\Users\Dominics\Desktop\lol.txt
2015-05-05 14:22 - 2015-05-06 15:53 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-05 14:22 - 2015-05-05 14:24 - 00000000 ____D () C:\Users\Dominics\Documents\AndroidSC
2015-05-05 14:21 - 2015-05-05 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Benzul Activator
2015-05-05 14:21 - 2015-05-05 14:21 - 00000000 ____D () C:\Program Files (x86)\Benzul
2015-05-04 20:35 - 2015-05-04 20:37 - 13675368 _____ () C:\Users\Dominics\Desktop\11183330_451723848322307_45592186_n.mp4
2015-05-03 14:56 - 2015-05-03 14:56 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 16:17 - 2015-05-02 16:17 - 00023847 _____ () C:\ComboFix.txt
2015-05-02 13:40 - 2015-05-02 13:40 - 00003728 _____ () C:\Windows\System32\Tasks\Overwolf Updater Task
2015-05-02 13:40 - 2015-05-02 13:40 - 00001975 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2015-05-02 13:40 - 2015-05-02 13:40 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-05-02 13:39 - 2015-05-02 13:41 - 00000000 ____D () C:\ProgramData\Overwolf
2015-05-02 13:39 - 2015-05-02 13:40 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-05-02 13:32 - 2015-05-06 15:54 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Overwolf
2015-04-30 18:34 - 2015-04-30 18:34 - 00000000 ____D () C:\Users\Dominics\Desktop\Blue
2015-04-30 17:41 - 2015-04-30 17:41 - 00001816 _____ () C:\Users\Dominics\Desktop\bluescreen.txt
2015-04-30 16:33 - 2015-04-30 16:34 - 00275680 _____ () C:\Windows\Minidump\043015-29374-01.dmp
2015-04-30 13:28 - 2015-04-30 13:45 - 00000000 ____D () C:\Users\Dominics\Documents\WhatsApp
2015-04-30 13:24 - 2015-05-04 15:20 - 00000000 ____D () C:\Users\Dominics\Desktop\Pokedes
2015-04-29 18:39 - 2015-04-29 18:39 - 00000778 _____ () C:\Users\Public\Desktop\World of Tanks 0.9.7.lnk
2015-04-29 18:39 - 2015-04-29 18:39 - 00000773 _____ () C:\Users\Public\Desktop\World of Tanks Launcher 0.9.7.lnk
2015-04-26 20:08 - 2015-04-26 20:08 - 00275568 _____ () C:\Windows\Minidump\042615-28766-01.dmp
2015-04-24 21:31 - 2015-04-24 21:31 - 00022929 _____ () C:\Users\Dominics\Desktop\ts3.m3u
2015-04-20 22:09 - 2015-05-06 16:19 - 00000000 ____D () C:\Users\Dominics\Downloads\vanessa
2015-04-19 20:51 - 2015-04-19 20:51 - 00275568 _____ () C:\Windows\Minidump\041915-28797-01.dmp
2015-04-19 18:58 - 2015-04-19 18:58 - 00275680 _____ () C:\Windows\Minidump\041915-29530-01.dmp
2015-04-19 17:00 - 2015-04-19 17:00 - 00275680 _____ () C:\Windows\Minidump\041915-31122-01.dmp
2015-04-17 21:26 - 2015-04-17 21:26 - 00275568 _____ () C:\Windows\Minidump\041715-32947-01.dmp
2015-04-17 21:24 - 2015-04-17 21:24 - 18092878 _____ () C:\Users\Dominics\Downloads\X-Men_Magneto_Cat.mp4
2015-04-17 21:23 - 2015-04-17 21:24 - 10807408 _____ () C:\Users\Dominics\Downloads\Wolverine_Cat_Troll_Hunter.mp4
2015-04-17 21:23 - 2015-04-17 21:23 - 13117704 _____ () C:\Users\Dominics\Downloads\X-Men_Origins_Wolverine_Cat.mp4
2015-04-17 21:22 - 2015-04-17 21:23 - 11008936 _____ () C:\Users\Dominics\Downloads\X-Men_Origins_Cyclops_Cat.mp4
2015-04-17 21:21 - 2015-04-17 21:21 - 09167730 _____ () C:\Users\Dominics\Downloads\Hand_of_God_No_More_Gangnam_Style_Episode_3.mp4
2015-04-17 21:19 - 2015-04-17 21:22 - 17357902 _____ () C:\Users\Dominics\Downloads\Hand_of_God_Pull_My_Finger_Episode_2.mp4
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Vorlagen
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Startmenü
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Netzwerkumgebung
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Lokale Einstellungen
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Eigene Dateien
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Druckumgebung
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Documents\Eigene Musik
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Documents\Eigene Bilder
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\AppData\Local\Verlauf
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\AppData\Local\Anwendungsdaten
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 _SHDL () C:\Users\Chandler\Anwendungsdaten
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler\AppData\Roaming\CyberLink
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler\AppData\Local\VirtualStore
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler\AppData\Local\PowerCinema
2015-04-15 21:07 - 2015-04-15 21:07 - 00000000 ____D () C:\Users\Chandler
2015-04-15 21:07 - 2011-04-14 09:40 - 00059968 _____ () C:\Users\Chandler\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 21:07 - 2011-04-14 09:35 - 00000000 ____D () C:\Users\Chandler\AppData\Roaming\Macromedia
2015-04-15 21:07 - 2011-04-14 09:35 - 00000000 ____D () C:\Users\Chandler\AppData\Roaming\Adobe
2015-04-15 21:07 - 2011-04-14 09:35 - 00000000 ____D () C:\Users\Chandler\AppData\Local\Adobe
2015-04-15 21:07 - 2011-04-14 09:31 - 00000000 ____D () C:\Users\Chandler\AppData\Local\Downloaded Installations
2015-04-15 21:07 - 2011-04-14 09:01 - 00000000 ____D () C:\Users\Chandler\AppData\Local\Windows Live
2015-04-15 21:07 - 2010-11-21 04:51 - 00001449 _____ () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 21:07 - 2010-11-21 04:51 - 00001415 _____ () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-15 21:07 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\Chandler\ntuser.ini
2015-04-15 21:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-15 21:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Chandler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-14 23:41 - 2015-04-14 23:41 - 00000000 ____D () C:\Users\Dominics\Desktop\handy
2015-04-14 23:22 - 2015-04-14 23:23 - 00031828 _____ () C:\Windows\DPINST.LOG
2015-04-11 11:28 - 2015-04-11 11:50 - 00000003 _____ () C:\Users\Dominics\Documents\asd.txt
2015-04-10 14:51 - 2015-04-10 15:06 - 00000000 ____D () C:\Users\Dominics\Documents\Neuer Ordner
2015-04-10 13:17 - 2015-04-10 13:37 - 00000000 ____D () C:\Users\Dominics\Documents\Handy
2015-04-09 19:17 - 2015-04-09 19:17 - 30544295 _____ () C:\Users\Dominics\Downloads\Hill_Climb_Racing_v1.22.0_MOD_(www.ApkHouse.com).apk
2015-04-09 19:05 - 2015-04-09 19:05 - 31154570 _____ () C:\Users\Dominics\Downloads\Hill Climb Racing v1.21.2 [MOD] by OnHAX.apk
2015-04-09 14:08 - 2015-04-09 14:08 - 01349159 _____ () C:\Users\Dominics\Desktop\ddd.m3u
2015-04-09 11:50 - 2015-04-09 11:50 - 00001606 _____ () C:\Users\Dominics\Desktop\mp 3 - Verknüpfung.lnk
2015-04-08 18:53 - 2015-04-08 18:53 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Steam
2015-04-08 18:49 - 2015-05-03 13:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-08 18:49 - 2015-04-08 18:49 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-08 18:49 - 2015-04-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-08 18:48 - 2015-04-08 18:48 - 01142128 _____ () C:\Users\Dominics\Downloads\SteamSetup.exe
2015-04-08 16:40 - 2015-04-08 16:40 - 02953096 _____ (ESET) C:\Windows\SysWOW64\%InstallDir%speclean.exe
2015-04-07 23:32 - 2015-04-25 13:28 - 00000000 ____D () C:\Users\Dominics\AppData\Local\CrashDumps
2015-04-07 23:32 - 2015-04-07 23:32 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\ESET
2015-04-07 23:32 - 2015-04-07 23:32 - 00000000 ____D () C:\Users\Dominics\AppData\Local\ESET
2015-04-07 23:28 - 2015-04-07 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-04-07 23:28 - 2015-04-07 23:28 - 00000000 ____D () C:\ProgramData\ESET
2015-04-07 23:28 - 2015-04-07 23:28 - 00000000 ____D () C:\Program Files\ESET
2015-04-07 23:10 - 2015-05-03 12:33 - 00170444 _____ () C:\Windows\PFRO.log
2015-04-07 19:46 - 2015-04-27 16:29 - 00001742 _____ () C:\Users\Public\Desktop\OMC ModPack entfernen 0.9.6.lnk
2015-04-07 19:39 - 2015-04-30 17:30 - 00001131 _____ () C:\Users\Public\Desktop\OMC ModPack Aktualisierung- Rekonfiguration.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 16:19 - 2015-01-29 20:39 - 00000000 ____D () C:\FRST
2015-05-06 16:13 - 2015-01-29 18:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 16:13 - 2015-01-29 15:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 16:06 - 2015-01-29 00:27 - 01872632 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 16:05 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 16:05 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 15:53 - 2015-02-13 18:39 - 00000000 ____D () C:\Users\Dominics\AppData\Local\HTC MediaHub
2015-05-06 15:53 - 2015-01-29 15:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-06 15:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 15:52 - 2015-03-22 13:40 - 00021478 _____ () C:\Windows\setupact.log
2015-05-06 15:51 - 2015-02-13 17:42 - 00000000 ___RD () C:\Users\Dominics\Desktop\Neuer Ordner
2015-05-06 15:51 - 2015-01-29 19:50 - 00000000 ____D () C:\AdwCleaner
2015-05-06 15:51 - 2015-01-29 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-05 21:23 - 2015-01-29 20:15 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\TS3Client
2015-05-05 19:45 - 2015-03-01 14:53 - 00000000 ____D () C:\Users\Dominics\AppData\Local\ESL Wire Game Client
2015-05-05 19:21 - 2015-03-01 15:04 - 00000000 ____D () C:\Users\Dominics\Documents\ESL Match Media
2015-05-03 20:47 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Downloaded Installations
2015-05-03 20:37 - 2015-01-29 09:18 - 00699420 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 20:37 - 2015-01-29 09:18 - 00149270 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 20:37 - 2009-07-14 07:13 - 01619896 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 14:56 - 2015-01-29 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-03 14:56 - 2015-01-29 18:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-02 16:17 - 2015-01-29 14:33 - 00000000 ____D () C:\Qoobox
2015-05-02 16:12 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-30 16:33 - 2015-03-24 00:12 - 529130855 _____ () C:\Windows\MEMORY.DMP
2015-04-30 16:33 - 2015-02-07 03:03 - 00000000 ____D () C:\Windows\Minidump
2015-04-30 14:00 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Windows Live
2015-04-27 16:23 - 2015-02-06 19:39 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack Client
2015-04-27 16:23 - 2015-02-06 19:39 - 00000000 ____D () C:\Program Files (x86)\OMC ModPack Client
2015-04-25 13:28 - 2015-01-31 12:34 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\vlc
2015-04-22 00:03 - 2015-02-08 15:17 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\SoftGrid Client
2015-04-21 12:24 - 2011-04-14 09:00 - 00000000 ____D () C:\Program Files\Acer
2015-04-21 12:23 - 2011-04-14 08:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-04-19 20:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-19 14:12 - 2015-03-01 15:04 - 00096544 _____ (<Turtle Entertainment>) C:\Windows\system32\Drivers\ESLWireACD.sys
2015-04-14 09:37 - 2015-01-29 18:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-01-29 18:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-01-29 18:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-13 21:01 - 2015-01-29 00:42 - 00062792 _____ () C:\Users\Dominics\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 19:09 - 2009-07-14 06:45 - 00277072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 11:27 - 2015-02-07 12:58 - 00000000 ____D () C:\ProgramData\Avira
2015-04-08 11:27 - 2015-02-07 12:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 23:35 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Local\Adobe
2015-04-07 23:34 - 2015-01-29 00:42 - 00000000 ____D () C:\Users\Dominics\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2015-01-29 01:22 - 2015-01-29 01:31 - 0015134 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-14 08:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Dominics\AppData\Local\Temp\Quarantine.exe
C:\Users\Dominics\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 10:41

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 07.05.2015, 07:16

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Cpt_Chandler · 28.05.2015, 19:39

Code:

ATTFilter

	Zusatzinformationen zum Problem:
  BCCode:	124
  BCP1:	0000000000000000
  BCP2:	FFFFFA80044B3038
  BCP3:	00000000B6000000
  BCP4:	0000000000010015
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\052815-17628-01.dmp
  C:\Users\Dominics\AppData\Local\Temp\WER-67314-0.sysdata.xml

Lesen Sie unsere Datenschutzbestimmungen online:
  hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
  C:\Windows\system32\de-DE\erofflps.txt

Code:

ATTFilter

==================================================
Dump File         : 052815-17628-01.dmp
Crash Time        : 28.05.2015 20:27:07
Bug Check String  : 
Bug Check Code    : 0x00000124
Parameter 1       : 00000000`00000000
Parameter 2       : fffffa80`044b3038
Parameter 3       : 00000000`b6000000
Parameter 4       : 00000000`00010015
Caused By Driver  : hal.dll
Caused By Address : hal.dll+12a3b
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+74ec0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\MiniDump\052815-17628-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 275.568
Dump File Time    : 28.05.2015 20:28:03
==================================================

Ich habe momentan keine ahnung was los ist. Es passiert jetzt immer häufiger. Ich bin so am schwanken ob ich nicht mein System neu machen sollte? Entschuldigung die späte antwort

schrauber · 29.05.2015, 11:47

Versuchen wir mal was:

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

Cpt_Chandler · 29.05.2015, 16:10

Hei,

ich habe das alles gemacht nur sieht das bei mir anders aus.

Ich denke ich habe alles richtig gemacht.

schrauber · 30.05.2015, 09:05

Kommen noch Bluescreens?

Cpt_Chandler · 15.06.2015, 20:26

Hei danke dir Schrauber ich habe keine Bluescreens mehr. Ich habe es jetzt über mehrere Tage getestet.

30.04.2015, 16:33	#2
schrauber /// the machine /// TB-Ausbilder	Bluescreen BCCode: 124 in hal.dll hi, Lade Dir bitte Bluescreenview und installiere es: BlueScreenView - Download - Filepony Öffnen und den aktuellsten Dump analysieren lassen (macht das Tool automatisch). Output hier posten. __________________ __________________

30.05.2015, 09:05	#14
schrauber /// the machine /// TB-Ausbilder	Bluescreen BCCode: 124 in hal.dll Kommen noch Bluescreens? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Bluescreen BCCode: 124 in hal.dll

Plagegeister aller Art und deren Bekämpfung: Bluescreen BCCode: 124 in hal.dll