Pests of all kinds and how to fight them: win8.1 Internet keeps opening new pages - Windows 7. If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
17.06.2015, 22:42 | #16 |
win8.1 Internet keeps opening new pages

Hello cosinus, I can now post from the laptop. Part 2

AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 17/06/2015 um 23:05:50 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-06-17.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Carsten - CARSTEN # Gestarted von : C:\Users\Carsten\Desktop\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : ColorMedia [#] Dienst Gelöscht : RBClientService [#] Dienst Gelöscht : 4ef60154 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\HealthAlert Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\radio Ordner Gelöscht : C:\ProgramData\{bd9d0755-efcc-1991-bd9d-d0755efc1d57} Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector Ordner Gelöscht : C:\Program Files (x86)\Right Backup Ordner Gelöscht : C:\Program Files (x86)\ClickForSaale Ordner Gelöscht : C:\Program Files (x86)\Coupon Digger Ordner Gelöscht : C:\Program Files (x86)\deaL4mee Ordner Gelöscht : C:\Program Files (x86)\diEEaL4me Ordner Gelöscht : C:\Program Files (x86)\Last Tab Keeper Ordner Gelöscht : C:\Program Files (x86)\LiuicKyShOpper Ordner Gelöscht : C:\Program Files (x86)\LLuickyuShopper Ordner Gelöscht : C:\Program Files (x86)\LucckyCCoupoen Ordner Gelöscht : C:\Program Files (x86)\LuckYShooPpeR Ordner Gelöscht : C:\Program Files (x86)\RoyaAllCoupon Ordner Gelöscht : C:\Program Files (x86)\ROYaalShoppeRAApp Ordner Gelöscht : C:\Program Files (x86)\SalaEEsCheCkeR Ordner Gelöscht : C:\Program Files (x86)\SaulesMagnet Ordner Gelöscht : C:\Program Files (x86)\savearoN Ordner Gelöscht : C:\Program Files (x86)\saveingtOYYOu Ordner Gelöscht : C:\Program Files (x86)\ShopperuMaistEr Ordner Gelöscht : C:\Program Files (x86)\SomartComparoE Ordner Gelöscht : 
C:\Program Files (x86)\WooWCoouponu Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyProtectEx Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser Ordner Gelöscht : C:\Users\Carsten\AppData\Local\9CCE64D0-1424624861-81F5-2400-7824AF296216 Ordner Gelöscht : C:\Users\Carsten\AppData\Local\9CCE64D0-1425750621-81F5-2400-7824AF296216 Ordner Gelöscht : C:\Users\Carsten\AppData\LocalLow\SmartWeb Ordner Gelöscht : C:\Users\Carsten\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\rightbackup Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\sparta123 Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup Ordner Gelöscht : C:\Users\Carsten\Documents\PCSpeedUp Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\Extensions\3psOVDhyV@fk.net Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\Extensions\GS@F1iS0Nmr.org Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\Extensions\NN@gmmy.org Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\Extensions\V@ist.org Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\Extensions\Zync8SC@De.edu Datei Gelöscht : C:\Program Files (x86)\prefs.js Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Carsten\AppData\Roaming\ICSW_0L1L2X1PtJ1V0N1F1C2Z1F1GtAyCtD.txt Datei Gelöscht : C:\Users\Carsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk Datei Gelöscht : 
C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\invalidprefs.js Datei Gelöscht : C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\user.js Datei Gelöscht : C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage Datei Gelöscht : C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal Datei Gelöscht : C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.delta-homes.com_0.localstorage Datei Gelöscht : C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** Task Gelöscht : gtaUpt Task Gelöscht : Right Backup_startup Task Gelöscht : Advanced System~Protector_startup ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk Verknüpfung Desinfiziert : C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe\Warframe.lnk Verknüpfung Desinfiziert : C:\Users\Carsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk Verknüpfung Desinfiziert : C:\Users\Carsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.Registry Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.SysUtils Schlüssel Gelöscht : 
HKLM\SOFTWARE\99bfa1b1-4fb0-c321-d3f4-9a71d028b0ab Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{318C7F13-3498-459E-BF35-12865E6D005C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5518881B-BB38-46C7-A27C-024DA02AD167} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SecuredDownload Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBrowser Schlüssel Gelöscht : HKLM\SOFTWARE\IGS Schlüssel Gelöscht : HKLM\SOFTWARE\SiteSee Schlüssel Gelöscht : HKLM\SOFTWARE\SecurityUtility Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\igsc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityUtility Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D566ABB-889B-AF39-7B6A-23D4C5D54542} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66951628-3E5A-9C96-37EA-490E187974D5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C998B44-82D8-CC7E-D847-4CD73036412A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SecurityUtility Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5081D2D4-1637-404c-B74F-50526718257D}_is1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\de.reimageplus.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v37.0.1 (x86 de) [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf"); [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico"); [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf"); [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1434106095&from=xtab&uid=3BE23898C1D64ffbA4A9F85A87AE5732&q={searchTerms}"); 
[dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("extensions.HwRyP9LgRy2mwfbD.scode", "(function(){try{if(window.location.href.indexOf(\"rjCHqHY5rjYFrdwErTYGrHU6rHU\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...] [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("extensions.uYfZ9a5sWqpcqoAK.scode", "(function(){try{if(window.location.href.indexOf(\"rjCHqHY5rjYFrdwErTYGrHU6rHU\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...] [dk0njk6k.default-1425814825542\prefs.js] - Zeile Gelöscht : user_pref("extensions.vyWmklpFU7Pd2XvN.scode", "(function(){try{if(window.location.href.indexOf(\"rjCHqHY5rjYFrdwErTYGrHU6rHU\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...] -\\ Chromium v -\\ Opera v30.0.1835.59 ************************* AdwCleaner[R0].txt - [14873 Bytes] - [17/06/2015 23:03:18] AdwCleaner[S0].txt - [13152 Bytes] - [17/06/2015 23:05:50] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13212 Bytes] ########## JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 7.0.1 (06.17.2015:2) OS: Windows 8.1 x64 Ran by Carsten on 17.06.2015 at 23:13:23,82 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Dynamo Combo Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Dynamo Combo ~~~ Files Successfully deleted: [File] C:\Users\Carsten\appdata\local\nsb9AD6.tmp ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\t122078ed Successfully deleted: [Folder] C:\Users\Carsten\appdata\locallow\company Successfully deleted: [Folder] C:\ProgramData\15926887554843256858 Successfully deleted: [Folder] C:\ProgramData\33042a52875d448f81c55f523653ee6a ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.06.2015 at 23:20:13,03 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Carsten (administrator) on CARSTEN on 17-06-2015 23:23:28 Running from C:\Users\Carsten\Desktop Loaded Profiles: Carsten (Available Profiles: Carsten) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] () HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.) HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Arc\ArcLauncher.exe [416080 2015-01-22] (Perfect World Entertainment) HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. 
KG) ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3715676092-2590170253-164830291-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> 
{1F81E7D8-EAD3-463C-8209-858DEC5E4FDD} -> No File BHO: No Name -> {34D0826E-7DC1-4B54-90ED-191A60ADA6A1} -> No File BHO: No Name -> {70FDDD11-A146-4C0F-A4DA-8A8F25DB87B3} -> No File BHO: No Name -> {e5500ead-9940-45ff-8d34-d97dd41ababe} -> No File BHO: SomartComparoE -> {EC9F8CAB-2247-4F36-BCE7-3DFD2447DC9E} -> C:\Program Files (x86)\SomartComparoE\mp2mC2DfxxjsJd.x64.dll No File BHO: No Name -> {F4734433-9CAE-423E-B8E2-9BDF2454A795} -> No File BHO: No Name -> {F56950E1-4EFE-46D0-A9A1-36C423DBD37B} -> No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542 FF SelectedSearchEngine: delta-homes FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-01-22] (Perfect World Entertainment Inc) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll 
[2015-05-01] (Adobe Systems Inc.) FF Extension: GetTheDiscount - C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\Extensions\gftblidtdfyu_ool@irvibpzkrwemeewgs.org [2015-05-10] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-08] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-24] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-11] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-11] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Carsten\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-01-17] Opera: ======= OPR StartupUrls: "hxxp://www.google.de/" OPR Extension: (Dynamo Combo) - C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgohmfhlbipbcmmpdonacmkpibfghppn [2015-05-03] StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.delta-homes.com/?type=sc&ts=1434105950&z=766685ec54ab49f54f76b6dg6z6c3z2gee0w0tac1o&from=ient06122&uid=ST1000LM024XHN-M101MBB_S32XJ9BF501796 ==================== Services 
(Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-05-27] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-05-27] (Avira Operations GmbH & Co. KG) S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-01-22] (Perfect World Entertainment Inc) S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. 
KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation) S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed] S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation) S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-09-30] (iolo technologies, LLC) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.) 
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-25] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-05-27] (Avira Operations GmbH & Co. KG)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-01-03] (Windows (R) Win 7 DDK provider)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-09-30] (EldoS Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 23:23 - 2015-06-17 23:23 - 00019895 _____ C:\Users\Carsten\Desktop\FRST.txt
2015-06-17 23:23 - 2015-06-17 07:22 - 02109952 _____ (Farbar) C:\Users\Carsten\Desktop\FRST64.exe
2015-06-17 23:20 - 2015-06-17 23:20 - 00001211 _____ C:\Users\Carsten\Desktop\JRT.txt
2015-06-17 23:13 - 2015-06-17 23:13 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CARSTEN-Windows-8.1-(64-bit).dat
2015-06-17 23:13 - 2015-06-17 23:13 - 00000000 ____D C:\RegBackup
2015-06-17 23:13 - 2015-06-17 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-17 23:12 - 2015-06-17 23:11 - 02949914 _____ (Thisisu) C:\Users\Carsten\Desktop\JRT(1).exe
2015-06-17 23:11 - 2015-06-17 23:11 - 02949914 _____ (Thisisu) C:\Users\Carsten\Downloads\JRT(1).exe
2015-06-17 23:10 - 2015-06-17 23:06 - 00013325 _____ C:\Users\Carsten\Desktop\AdwCleaner[S0].txt
2015-06-17 23:04 - 2015-06-14 06:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Carsten\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-17 23:03 - 2015-06-17 23:06 - 00000000 ____D C:\AdwCleaner
2015-06-17 23:02 - 2015-06-17 07:20 - 02231296 _____ C:\Users\Carsten\Desktop\AdwCleaner_4.206.exe
2015-06-17 23:01 - 2015-06-17 23:01 - 02231296 _____ C:\Users\Carsten\Downloads\AdwCleaner_4.206(1).exe
2015-06-17 22:49 - 2015-06-17 22:49 - 00026361 _____ C:\Users\Carsten\Desktop\mbam.txt
2015-06-17 07:22 - 2015-06-17 07:22 - 02109952 _____ (Farbar) C:\Users\Carsten\Downloads\FRST64.exe
2015-06-17 07:21 - 2015-06-17 07:21 - 02946265 _____ (Thisisu) C:\Users\Carsten\Downloads\JRT.exe
2015-06-17 07:20 - 2015-06-17 07:20 - 02231296 _____ C:\Users\Carsten\Downloads\AdwCleaner_4.206.exe
2015-06-17 07:18 - 2015-06-17 07:19 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Carsten\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-16 13:06 - 2015-06-16 13:06 - 00000000 ____D C:\Users\Carsten\AppData\Local\GWX
2015-06-16 09:17 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-16 09:17 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-16 09:17 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-16 09:17 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-16 09:17 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-16 09:17 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-16 09:17 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-16 09:17 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-15 14:09 - 2015-06-15 14:09 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\Avira
2015-06-15 14:07 - 2015-05-27 13:11 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-15 14:07 - 2015-05-27 13:11 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-15 14:07 - 2015-05-27 13:11 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-06-15 14:07 - 2015-05-27 13:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-15 14:04 - 2015-06-15 14:04 - 00001210 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-15 14:03 - 2015-06-15 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-15 14:03 - 2015-06-15 14:07 - 00000000 ____D C:\ProgramData\Avira
2015-06-15 14:03 - 2015-06-15 14:07 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-14 21:38 - 2015-06-14 21:38 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-14 21:03 - 2015-06-17 23:23 - 00000000 ____D C:\FRST
2015-06-14 20:54 - 2015-06-14 20:54 - 00000000 ____D C:\ProgramData\Emsisoft
2015-06-14 12:03 - 2015-06-14 12:03 - 00003094 _____ C:\Windows\System32\Tasks\{56A2E47B-41EE-408C-A573-8F3B696F1CA8}
2015-06-14 09:41 - 2015-06-17 23:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 09:39 - 2015-06-17 22:24 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-14 09:39 - 2015-06-17 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-14 09:39 - 2015-06-17 22:24 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-14 09:39 - 2015-06-14 09:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-14 09:39 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-14 09:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-14 09:39 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-14 09:26 - 2015-06-14 09:26 - 00000000 ____D C:\Users\Carsten\Desktop\trojaner-board
2015-06-14 09:21 - 2015-06-14 20:59 - 00056900 _____ C:\EamClean.log
2015-06-14 08:12 - 2015-06-14 08:12 - 00001105 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-06-14 08:12 - 2015-06-14 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-06-14 08:11 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-14 08:10 - 2015-06-17 23:09 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-06-14 08:07 - 2015-06-14 08:08 - 00000000 ____D C:\daten
2015-06-12 19:45 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-12 19:42 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-12 19:42 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-12 19:42 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-12 19:42 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-12 19:42 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-12 19:42 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-12 19:42 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-12 19:42 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-12 19:42 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-12 19:42 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-12 19:42 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-12 19:42 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-12 19:42 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-12 19:42 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-12 19:42 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-12 19:42 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-12 19:42 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-12 19:42 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-12 19:42 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-12 19:42 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-12 19:42 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-12 19:42 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-12 19:42 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-12 19:42 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-12 19:42 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-12 19:42 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-12 19:42 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-12 19:42 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-12 19:42 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-12 19:42 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-12 19:42 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-12 19:42 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-12 19:42 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-12 19:42 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-12 19:42 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-12 19:42 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-12 19:42 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-12 19:42 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-12 19:42 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-12 19:42 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-12 19:42 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-12 19:42 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-12 15:12 - 2015-06-12 15:33 - 00000000 _____ C:\Recovery.txt
2015-06-12 14:37 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-12 14:37 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-12 14:37 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-12 14:37 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-12 14:37 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-12 14:37 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-12 14:37 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-12 14:37 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-12 14:37 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-12 14:37 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-12 14:37 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-12 14:37 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-12 14:37 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-12 14:37 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-12 14:37 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-12 14:37 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-12 14:37 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-12 14:37 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-12 14:37 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-12 14:37 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-12 14:37 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-12 14:37 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-12 14:37 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-12 14:37 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-12 14:37 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-12 14:37 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-12 14:37 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-12 14:37 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-12 14:37 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-12 14:37 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-12 11:23 - 2015-06-12 11:23 - 00000000 ____D C:\Windows\system32\config\Original
2015-06-11 12:33 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-06-04 09:45 - 2015-06-04 09:46 - 00000000 ____D C:\Users\Carsten\Desktop\Programme
2015-06-04 09:44 - 2015-06-04 09:46 - 00000000 ____D C:\Users\Carsten\Desktop\Origin usw
2015-05-29 09:04 - 2015-05-29 09:55 - 00000000 ____D C:\Users\Carsten\AppData\Local\PAYDAY 2
2015-05-29 09:04 - 2015-05-29 09:04 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-05-27 07:59 - 2015-05-29 20:32 - 00000080 _____ C:\Users\Carsten\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
2015-05-27 07:59 - 2015-05-27 07:59 - 00000000 ____D C:\Users\Carsten\Documents\Rockstar Games
2015-05-27 07:59 - 2015-05-27 07:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Rockstar Games
2015-05-27 07:59 - 2015-05-27 07:59 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-05-27 07:58 - 2015-05-27 07:58 - 00000000 ____D C:\Program Files\Rockstar Games
2015-05-26 16:05 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-26 16:05 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 21:36 - 2015-06-12 11:52 - 00000000 ____D C:\Program Files (x86)\Talking Tom Cat Kid Ginger
2015-05-24 15:34 - 2015-06-11 12:28 - 00003452 _____ C:\Windows\System32\Tasks\Ororubeovbren
2015-05-24 15:34 - 2015-05-24 15:34 - 00000000 ____D C:\ProgramData\Ororubeovbren

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 23:23 - 2014-06-24 18:46 - 01948980 _____ C:\Windows\WindowsUpdate.log
2015-06-17 23:18 - 2014-12-25 15:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3715676092-2590170253-164830291-1001
2015-06-17 23:11 - 2014-12-25 15:43 - 00000074 _____ C:\Users\Carsten\AppData\Roaming\sp_data.sys
2015-06-17 23:09 - 2014-12-27 16:17 - 00000000 ___RD C:\Users\Carsten\OneDrive
2015-06-17 23:07 - 2013-08-22 16:46 - 00034370 _____ C:\Windows\setupact.log
2015-06-17 23:07 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 23:06 - 2013-12-13 05:57 - 00342164 _____ C:\Windows\PFRO.log
2015-06-17 23:06 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-17 23:05 - 2015-05-02 10:27 - 00000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-17 23:05 - 2015-03-07 18:54 - 00001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-17 23:05 - 2015-01-16 19:58 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2015-06-17 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-17 22:43 - 2014-12-26 12:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 13:17 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-16 12:55 - 2015-05-03 10:21 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-16 12:55 - 2015-05-03 10:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-16 09:43 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-15 14:22 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-15 14:03 - 2014-12-26 16:26 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-14 20:56 - 2015-02-22 18:06 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\9CCE64D0-1424624809-81F5-2400-7824AF296216
2015-06-14 09:42 - 2015-02-22 18:53 - 00000000 ____D C:\ProgramData\EDOlmOnyl
2015-06-14 08:12 - 2015-02-22 18:20 - 00000129 _____ C:\Users\Carsten\AppData\Roaming\WB.CFG
2015-06-14 08:12 - 2013-12-13 13:04 - 00773008 _____ C:\Windows\system32\perfh007.dat
2015-06-14 08:12 - 2013-12-13 13:04 - 00162310 _____ C:\Windows\system32\perfc007.dat
2015-06-14 08:12 - 2013-12-13 06:09 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-13 08:34 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-12 21:46 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-12 19:55 - 2013-08-22 16:44 - 00338016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 19:52 - 2015-04-13 08:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-12 19:52 - 2015-04-13 08:33 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-12 19:52 - 2014-12-26 19:33 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 19:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 14:37 - 2014-12-25 20:47 - 00000000 ____D C:\ProgramData\iolo
2015-06-12 14:32 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-12 13:47 - 2015-03-28 17:04 - 00000000 ____D C:\tmp
2015-06-12 13:22 - 2015-03-07 18:54 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-12 11:24 - 2014-06-24 18:59 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-11 13:14 - 2015-04-08 08:53 - 00000000 ____D C:\Program Files (x86)\Permanent Readability
2015-06-11 12:57 - 2015-03-07 18:55 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1425747289
2015-06-11 12:43 - 2014-12-26 12:26 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 12:42 - 2015-02-13 16:56 - 00000000 ____D C:\Program Files (x86)\alt-Mozilla Firefox
2015-06-11 12:33 - 2014-12-25 21:26 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2015-06-07 12:22 - 2014-12-26 22:43 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-07 10:12 - 2014-12-25 15:41 - 00000000 ____D C:\Users\Carsten
2015-06-04 09:45 - 2015-02-20 23:38 - 00000000 ____D C:\Users\Carsten\Desktop\game
2015-06-03 18:18 - 2015-05-03 10:19 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-05-03 10:19 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 10:04 - 2014-12-26 12:28 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\.minecraft
2015-05-29 09:04 - 2014-06-24 18:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-05-29 06:11 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-28 19:24 - 2014-12-28 16:35 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-27 00:04 - 2014-12-26 19:33 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-26 08:59 - 2015-01-16 19:58 - 00000000 ____D C:\Users\Carsten\AppData\Local\Warframe
2015-05-26 08:57 - 2015-03-08 11:07 - 00054112 _____ C:\Windows\DirectX.log
2015-05-25 13:44 - 2014-12-26 12:44 - 00000000 ____D C:\ProgramData\Origin
2015-05-25 13:40 - 2014-12-26 12:44 - 00000000 ____D C:\Program Files (x86)\Origin
2015-05-24 21:06 - 2013-08-22 22:59 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2014-12-25 15:43 - 2015-06-17 23:11 - 0000074 _____ () C:\Users\Carsten\AppData\Roaming\sp_data.sys
2015-02-22 18:20 - 2015-06-14 08:12 - 0000129 _____ () C:\Users\Carsten\AppData\Roaming\WB.CFG
2015-03-06 20:11 - 2015-03-06 20:11 - 0274045 _____ () C:\Users\Carsten\AppData\Local\dsi1.dat
2015-03-06 20:11 - 2015-03-06 20:11 - 0161916 _____ () C:\Users\Carsten\AppData\Local\dsi2.dat
2015-05-02 11:05 - 2015-05-02 11:05 - 0000000 _____ () C:\Users\Carsten\AppData\Local\Temp.dat
2014-06-24 18:50 - 2014-06-24 18:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 06:09 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 06:09 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 06:09 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Carsten\AppData\Local\Temp\avgnt.exe
C:\Users\Carsten\AppData\Local\Temp\Quarantine.exe
C:\Users\Carsten\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-14 12:35

==================== End of log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Carsten at 2015-06-17 23:24:18
Running from C:\Users\Carsten\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3715676092-2590170253-164830291-500 - Administrator - Disabled)
Carsten (S-1-5-21-3715676092-2590170253-164830291-1001 - Administrator - Enabled) => C:\Users\Carsten
Gast (S-1-5-21-3715676092-2590170253-164830291-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3715676092-2590170253-164830291-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.1.1000.15664 - systweak.com) <==== ATTENTION
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.7 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Blender (HKLM\...\Blender) (Version: 2.73a - Blender Foundation)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version: - Sledgehammer Games)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version: - Sledgehammer Games)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.128 - Electronic Arts, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version: - Stardock Entertainment)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GoHDV07.03 (HKLM-x32\...\GoHDV07.03) (Version: 1.36.01.22 - InstallMoonV07.03) <==== ATTENTION!
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version: - Monolith Productions, Inc.)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.3 - iolo technologies, LLC)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Might & Magic Heroes VI - Shades of Darkness (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.0.0 - Ubisoft)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
NVIDIA Graphics Driver 332.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.85 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Overlord (HKLM-x32\...\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}) (Version: 1.00.0606 - Codemasters)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Permanent Readability (HKLM-x32\...\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}) (Version: - "") <==== ATTENTION
Phone To Desktop (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version: - "")
PlanetSide 2 (HKU\S-1-5-21-3715676092-2590170253-164830291-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Ref 1.10.0.9 (HKLM-x32\...\QuickRef_1.10.0.9) (Version: 1.10.0.9 - Quick Ref) <==== ATTENTION!
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Warframe (HKLM-x32\...\{CBFC50BE-963E-464B-A20E-8031064B647F}) (Version: 1.0.0 - Digital Extremes)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-3715676092-2590170253-164830291-1001\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3715676092-2590170253-164830291-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-3715676092-2590170253-164830291-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01E76E5D-A9A7-4656-9CF0-C21BFD9722DE} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] () Task: {0B806867-7677-4779-8D68-19838AE82F36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {10669899-3CFC-4C77-B215-A635A440A2E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {11899337-2077-46AE-A5C5-1BE3C5190AC0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {195A06DC-DDD1-478F-A62C-208F73090080} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) 
Task: {1F488469-7C4C-4EFD-8054-BF35F69160CC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor) Task: {2A862315-89E0-4E04-8377-65C2DBD690BF} - System32\Tasks\{56A2E47B-41EE-408C-A573-8F3B696F1CA8} => pcalua.exe -a "C:\Program Files (x86)\gmsd_de_245\unins000.exe" Task: {309C526C-223F-4358-85F1-17916022FB1F} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-01-03] () Task: {422CABFA-A983-4C40-ABA3-44C8F48FA4E4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {43BB3A43-CED8-4689-AD10-743679D0E09D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated) Task: {44322FA6-EF9A-4E60-8BE7-E83C2D5BEB3D} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-06-17] () Task: {466EB3CD-BEF9-4DC2-BBAE-803B4B242DAA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {50F3F757-8EEC-4960-8C1F-A134745D7405} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) 
Task: {573F8C82-8EF9-4799-B7B4-EF3C63D29382} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-09-30] (iolo technologies, LLC) Task: {73F590F3-4A68-46AB-88E1-836DE53DE8EE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {78F98D9E-2E2B-407A-A1FE-E1FB6DAF8823} - System32\Tasks\Ororubeovbren => C:\ProgramData\Ororubeovbren\1.0.1.0\owsopnuf.exe Task: {950F3B99-A2C7-4C8D-9DB0-CC77753861B0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {B28E57EB-5F3C-477F-B010-A224BD9F7611} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-01-03] (ASUS) Task: {B298DFFD-F198-4B53-86B8-ABC9EC6049EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-27] (Microsoft Corporation) Task: {CEA4FD0F-6D45-40AB-B0EB-2F128BCCB60C} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor) Task: {D392893A-451C-4A22-A4E0-D256EF7FF4A9} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS) Task: {D71B6004-51C9-49FD-B8B5-18F7D2308EB9} - System32\Tasks\Opera scheduled Autoupdate 1425747289 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software) Task: {E59002CE-0512-4DAF-8E7B-EA072E10ED64} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.) 
Task: {E6CDE539-05F5-4CE4-A617-BA34E7DFF3A4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {EFBE14B2-2CDB-4103-8EDC-269D5400EDDA} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-06-17] () Task: {F93206B7-9446-444B-81C3-8CD2399AB484} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2015-05-10 16:42 - 2015-05-10 16:42 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Carsten\OneDrive:ms-properties AlternateDataStreams: C:\Users\Carsten\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3715676092-2590170253-164830291-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B6FE40B7-E75C-454B-99C3-C03FC0977895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{0403AAEE-E1FD-4C6A-99AC-FE2CEAF7AB18}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{E7F6EC47-7198-4E61-86A4-94641855CF26}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{248F5EDE-6CC2-49A0-8628-E0A8D0383955}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{0AA49F4F-4379-4AE0-A10D-40F4DE044DE9}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{A931A845-2A59-49E6-9D67-EA530F1A62DA}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{BA40F246-2582-4B92-8B43-BE2E6F24D4B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2FFAB011-B266-421C-B3F3-089EAE37621B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5A352D13-24C2-4196-A64B-79ED7A9DBCE3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{29CB139D-C3D7-46BA-9308-231D629E713E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{8B9AE8C3-F527-408E-AFEA-7B90E8A25173}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\FE Legendary Heroes\LegendaryHeroes.exe FirewallRules: [{CDC287D9-F96E-4EA3-B299-E8FC78BA6A8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FE Legendary Heroes\LegendaryHeroes.exe FirewallRules: [{84F2A8C7-400E-42E4-A9C3-EE9DE0124430}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{E2BA8DF2-A321-460D-8B71-6735925B0F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{64107B5C-F585-4E52-9252-08B11AD21762}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{F4BFFECD-AC7D-45E8-BC9D-EAD35C8ABAFE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe FirewallRules: [{93047F7E-31BE-41F8-A2C5-1360F1B76C71}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe FirewallRules: [{86C11859-BBB5-4742-BB7A-B171066ABE69}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{D7172423-BBF4-4C5C-8988-6A6C4441DB1B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{7968B729-98AD-48FA-92A1-720237B527DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{D8F35AD5-5077-4BA6-A25E-09924F8FF07D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{0B1BE725-7557-4573-892F-D77516C23747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Impostors.exe FirewallRules: [{503B0A43-8BED-41A0-8FF8-A176C3709466}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Impostors.exe FirewallRules: [{B609F0A8-B160-4799-8C9D-166D54255DD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe FirewallRules: [{61087F73-EF82-4608-903C-9C5E5664B2F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City 
Impostors F2P\Engine.exe FirewallRules: [{DA468C44-4B8F-44C6-A08F-C1E6EF305D1C}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe FirewallRules: [{22C4DDC9-90AC-470C-9C49-8784DCE5DF85}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe FirewallRules: [{8AB50EA5-7227-47E4-BD3D-E41E1CD2AD4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe FirewallRules: [{9030925A-3E72-4B04-9FD5-15FB628C5973}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe FirewallRules: [{62558EAF-2BB7-4769-851C-BFCD441881F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe FirewallRules: [{899F6E69-912C-4E32-BA6A-677BCD6DBB70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe FirewallRules: [{C4B69F04-EE26-40D6-9F0B-448CA99420C2}] => (Allow) C:\Program Files (x86)\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe FirewallRules: [{37086E1E-587F-4636-8FF8-7D4D161F21AA}] => (Allow) C:\Program Files (x86)\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe FirewallRules: [{7638F50B-5AB9-4A87-A732-029F3848EAC8}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{EF2818E5-178B-4678-BC6B-0D57D07BF6E7}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{D379BA1D-AE17-4973-81B2-47C76E43F9D6}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{7E2508E3-28C6-460C-B517-4F5474E9D053}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{5641BB5F-27A6-49B1-93EA-06532C33F766}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe FirewallRules: [{1FF9D063-25D8-4A83-A065-A6A7EE602202}] => (Allow) 
C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe FirewallRules: [{D3B80A1D-54D6-4C9C-ADFE-ABDC66A3F9BF}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{5495F61F-C26B-43A9-A164-8483CAD11CE8}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{9483A5A2-C7A0-4482-B92E-215E65D0ADF8}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{17FC8E2A-A378-48D3-8B1F-C3F551377C32}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{20EE8D26-1274-4782-887E-B241FEE83376}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe FirewallRules: [{B5E23D3A-B8D4-4178-9863-7DF756530D32}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe FirewallRules: [{3CCC5713-A93B-45D5-9158-279A01A2E45A}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe FirewallRules: [{8A67030D-A9DA-4075-9069-DC4DCE2FFBB8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe FirewallRules: [{1FD34BED-BD64-4A79-82DD-24130F86D528}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe FirewallRules: [{88BCBC43-8993-472A-AA81-5ED28B3CD90C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BB6F8AD3-D8A1-4A7E-B8AF-28B4A4F06327}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1DC81626-607C-423F-8D21-A6A97261F09B}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [{33264F9E-A21C-4295-9482-C9C63214C01A}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [{889C1A5C-373F-43EE-801E-98359ED31640}] => (Allow) C:\Program 
Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{F2DEB453-2E5A-4E4A-A980-4FDD37497667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{E3819354-E87D-43B0-B0DB-EA575D8500B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe FirewallRules: [{08F7F1E3-AB64-4176-9F29-FFDEAFCF0439}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe FirewallRules: [{510D37D6-4F4B-4903-BA90-FFD2151819BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{BFF2BA5F-C714-4CD9-94F8-B11A35A5AEA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{6B29AB21-3B56-4C2A-91D9-94B84D116177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{B4A135F1-C581-45EB-8B58-3F03741C838C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2015 11:14:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b98 Startzeit: 01d0a941a1c9af68 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: cfeb974f-1535-11e5-8301-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 11:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e10 Startzeit: 01d0a93ff6272337 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: eb606509-1533-11e5-8300-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 10:36:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARSTEN) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/17/2015 10:26:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 19cc Startzeit: 01d0a93b2de48f65 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 219eeace-152f-11e5-82ff-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 10:22:35 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/17/2015 10:18:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/17/2015 09:56:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ca4 Startzeit: 01d0a936fd0467b4 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: f0912822-152a-11e5-82ff-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 09:25:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 5a0 Startzeit: 01d0a932b172150e Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: a4f68e52-1526-11e5-82ff-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 08:56:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b04 Startzeit: 01d0a92e9b3dd392 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 8eca5b89-1522-11e5-82ff-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 08:42:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: UpdateChecker.exe, Version: 0.0.0.0, Zeitstempel: 0x531ebb57 Name des fehlerhaften Moduls: alvupdt.dll, Version: 1.0.0.10, Zeitstempel: 0x53202e45 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000feb9 ID des fehlerhaften Prozesses: 0x1d80 Startzeit der fehlerhaften Anwendung: 0xUpdateChecker.exe0 Pfad der fehlerhaften Anwendung: UpdateChecker.exe1 Pfad des fehlerhaften Moduls: UpdateChecker.exe2 Berichtskennung: UpdateChecker.exe3 Vollständiger Name des fehlerhaften Pakets: UpdateChecker.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: UpdateChecker.exe5 System errors: ============= Error: (06/17/2015 11:15:34 PM) 
(Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/17/2015 11:15:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 11:15:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 11:15:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/17/2015 11:15:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/17/2015 11:15:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 11:15:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 11:15:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (06/17/2015 11:15:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iolo System Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 11:15:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office: ========================= Error: (06/17/2015 11:14:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20856b9801d0a941a1c9af684294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.execfeb974f-1535-11e5-8301-7824af296216microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 11:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20856e1001d0a93ff62723374294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exeeb606509-1533-11e5-8300-7824af296216microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 10:36:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARSTEN) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (06/17/2015 10:26:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2085619cc01d0a93b2de48f654294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe219eeace-152f-11e5-82ff-7824af296216microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 10:22:35 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Carsten\Desktop\trojaner-board\esetsmartinstaller_deu.exe Error: (06/17/2015 10:18:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\daten\trojaner-board\esetsmartinstaller_deu.exe Error: (06/17/2015 09:56:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.208561ca401d0a936fd0467b44294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exef0912822-152a-11e5-82ff-7824af296216microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 09:25:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.208565a001d0a932b172150e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exea4f68e52-1526-11e5-82ff-7824af296216microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 08:56:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.208561b0401d0a92e9b3dd3924294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe8eca5b89-1522-11e5-82ff-7824af296216microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (06/17/2015 08:42:16 PM) (Source: 
Application Error) (EventID: 1000) (User: ) Description: UpdateChecker.exe0.0.0.0531ebb57alvupdt.dll1.0.0.1053202e45c00000050000feb91d8001d0a92d29eb890eC:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exeC:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll93129da8-1520-11e5-82ff-7824af296216 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Percentage of memory in use: 22% Total physical RAM: 8075.43 MB Available physical RAM: 6276.2 MB Total Pagefile: 16779.43 MB Available Pagefile: 14480.61 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:7.6 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:529.14 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: D3893E84) Partition: GPT Partition Type. ==================== End of log ============================ --- --- --- |
17.06.2015, 23:02 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | win8.1 Internet keeps opening new pages Quote:
Get rid of everything except Emsisoft.
__________________ |
19.06.2015, 19:36 | #18 |
| win8.1 Internet keeps opening new pages Hello cosinus,
I have removed Avira and McAfee, and a few games as well. What should I do now? |
19.06.2015, 19:45 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win8.1 Internet keeps opening new pages Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post logfiles in CODE tags |
19.06.2015, 20:54 | #20 |
| win8.1 Internet keeps opening new pages Hello cosinus, are we approaching the limit? Here are the logs: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Carsten (administrator) on CARSTEN on 19-06-2015 21:46:49 Running from C:\Users\Carsten\Desktop Loaded Profiles: Carsten (Available Profiles: Carsten) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe () C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe (Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWXUX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] () HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3715676092-2590170253-164830291-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {1F81E7D8-EAD3-463C-8209-858DEC5E4FDD} -> No File BHO: No Name -> {34D0826E-7DC1-4B54-90ED-191A60ADA6A1} -> No File BHO: No Name -> {70FDDD11-A146-4C0F-A4DA-8A8F25DB87B3} -> No File BHO: No Name -> {e5500ead-9940-45ff-8d34-d97dd41ababe} -> No File BHO: No Name -> {EC9F8CAB-2247-4F36-BCE7-3DFD2447DC9E} -> No File BHO: No Name -> {F4734433-9CAE-423E-B8E2-9BDF2454A795} -> No File BHO: No Name -> {F56950E1-4EFE-46D0-A9A1-36C423DBD37B} -> No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542 FF SelectedSearchEngine: delta-homes FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] () FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Extension: GetTheDiscount - C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\dk0njk6k.default-1425814825542\Extensions\gftblidtdfyu_ool@irvibpzkrwemeewgs.org [2015-05-10] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Carsten\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-01-17] Opera: ======= OPR StartupUrls: "hxxp://www.google.de/" OPR Extension: (Dynamo Combo) - C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgohmfhlbipbcmmpdonacmkpibfghppn [2015-05-03] StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.delta-homes.com/?type=sc&ts=1434105950&z=766685ec54ab49f54f76b6dg6z6c3z2gee0w0tac1o&from=ient06122&uid=ST1000LM024XHN-M101MBB_S32XJ9BF501796 ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation) R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation) R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed] S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation) R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-09-30] (iolo technologies, LLC) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation) S4 Origin Client Service; 
C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-25] (Electronic Arts) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation) R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation) R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-01-03] (Windows (R) Win 7 DDK provider) R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-09-30] (EldoS Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation) S3 WdNisDrv; 
C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) U0 msahci; system32\drivers\msahci.sys ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-17 23:24 - 2015-06-17 23:24 - 00044455 _____ C:\Users\Carsten\Desktop\Addition.txt 2015-06-17 23:23 - 2015-06-19 21:46 - 00015001 _____ C:\Users\Carsten\Desktop\FRST.txt 2015-06-17 23:23 - 2015-06-17 07:22 - 02109952 _____ (Farbar) C:\Users\Carsten\Desktop\FRST64.exe 2015-06-17 23:20 - 2015-06-17 23:20 - 00001211 _____ C:\Users\Carsten\Desktop\JRT.txt 2015-06-17 23:13 - 2015-06-17 23:13 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CARSTEN-Windows-8.1-(64-bit).dat 2015-06-17 23:13 - 2015-06-17 23:13 - 00000000 ____D C:\RegBackup 2015-06-17 23:12 - 2015-06-17 23:11 - 02949914 _____ (Thisisu) C:\Users\Carsten\Desktop\JRT(1).exe 2015-06-17 23:11 - 2015-06-17 23:11 - 02949914 _____ (Thisisu) C:\Users\Carsten\Downloads\JRT(1).exe 2015-06-17 23:10 - 2015-06-17 23:06 - 00013325 _____ C:\Users\Carsten\Desktop\AdwCleaner[S0].txt 2015-06-17 23:04 - 2015-06-14 06:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Carsten\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-17 23:03 - 2015-06-17 23:06 - 00000000 ____D C:\AdwCleaner 2015-06-17 23:02 - 2015-06-17 07:20 - 02231296 _____ C:\Users\Carsten\Desktop\AdwCleaner_4.206.exe 2015-06-17 23:01 - 2015-06-17 23:01 - 02231296 _____ C:\Users\Carsten\Downloads\AdwCleaner_4.206(1).exe 2015-06-17 22:49 - 2015-06-17 22:49 - 00026361 _____ C:\Users\Carsten\Desktop\mbam.txt 2015-06-17 07:22 - 2015-06-17 07:22 - 02109952 _____ (Farbar) C:\Users\Carsten\Downloads\FRST64.exe 2015-06-17 
07:21 - 2015-06-17 07:21 - 02946265 _____ (Thisisu) C:\Users\Carsten\Downloads\JRT.exe 2015-06-17 07:20 - 2015-06-17 07:20 - 02231296 _____ C:\Users\Carsten\Downloads\AdwCleaner_4.206.exe 2015-06-17 07:18 - 2015-06-17 07:19 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Carsten\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-16 13:06 - 2015-06-16 13:06 - 00000000 ____D C:\Users\Carsten\AppData\Local\GWX 2015-06-16 09:17 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-16 09:17 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-16 09:17 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-16 09:17 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-16 09:17 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-16 09:17 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-16 09:17 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-16 09:17 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-15 14:03 - 2015-06-19 19:35 - 00000000 ____D C:\ProgramData\Avira 2015-06-14 21:38 - 2015-06-14 21:38 - 00000000 ____D C:\Program Files (x86)\ESET 2015-06-14 21:03 - 2015-06-19 21:46 - 00000000 ____D C:\FRST 2015-06-14 20:54 - 2015-06-14 20:54 - 00000000 ____D C:\ProgramData\Emsisoft 2015-06-14 12:03 - 2015-06-14 12:03 - 00003094 _____ C:\Windows\System32\Tasks\{56A2E47B-41EE-408C-A573-8F3B696F1CA8} 2015-06-14 09:41 - 2015-06-19 21:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-14 09:39 - 2015-06-17 22:24 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-14 09:39 - 2015-06-17 22:24 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-14 09:39 - 2015-06-17 22:24 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-14 09:39 - 2015-06-14 09:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-14 09:39 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-14 09:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-14 09:39 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-14 09:26 - 2015-06-14 09:26 - 00000000 ____D C:\Users\Carsten\Desktop\trojaner-board 2015-06-14 09:21 - 2015-06-14 20:59 - 00056900 _____ C:\EamClean.log 2015-06-14 08:12 - 2015-06-14 08:12 - 00001105 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2015-06-14 08:12 - 2015-06-14 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2015-06-14 08:11 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys 2015-06-14 08:10 - 2015-06-19 21:46 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2015-06-14 08:07 - 2015-06-14 08:08 - 00000000 ____D C:\daten 2015-06-12 19:45 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll 2015-06-12 19:42 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-12 19:42 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-12 19:42 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-12 19:42 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-12 19:42 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-12 19:42 - 2015-05-23 05:05 - 00664064 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-12 19:42 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-12 19:42 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-12 19:42 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-12 19:42 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-12 19:42 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-06-12 19:42 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-06-12 19:42 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-12 19:42 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-12 19:42 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-12 19:42 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-12 19:42 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-06-12 19:42 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-12 19:42 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-12 19:42 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-12 19:42 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-12 19:42 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-12 19:42 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-12 19:42 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll 2015-06-12 19:42 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-12 19:42 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-12 19:42 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-12 19:42 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-12 19:42 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-06-12 19:42 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-12 19:42 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-06-12 19:42 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-06-12 19:42 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-12 19:42 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-12 19:42 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-12 19:42 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-12 19:42 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-12 19:42 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-06-12 19:42 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-12 19:42 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-12 19:42 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-12 19:42 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\comctl32.dll
2015-06-12 15:12 - 2015-06-12 15:33 - 00000000 _____ C:\Recovery.txt
2015-06-12 14:37 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-12 14:37 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-12 14:37 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-12 14:37 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-12 14:37 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-12 14:37 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-12 14:37 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-12 14:37 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-12 14:37 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-12 14:37 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-12 14:37 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-12 14:37 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-12 14:37 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-12 14:37 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-12 14:37 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-12 14:37 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-12 14:37 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-12 14:37 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-12 14:37 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-12 14:37 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-12 14:37 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-12 14:37 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-12 14:37 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-12 14:37 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-12 14:37 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-12 14:37 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-12 14:37 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-12 14:37 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-12 14:37 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-12 14:37 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-12 11:23 - 2015-06-12 11:23 - 00000000 ____D C:\Windows\system32\config\Original
2015-06-04 09:45 - 2015-06-19 20:27 - 00000000 ____D C:\Users\Carsten\Desktop\Programme
2015-06-04 09:44 - 2015-06-04 09:46 - 00000000 ____D C:\Users\Carsten\Desktop\Origin usw
2015-05-29 09:04 - 2015-05-29 09:55 - 00000000 ____D C:\Users\Carsten\AppData\Local\PAYDAY 2
2015-05-29 09:04 - 2015-05-29 09:04 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-05-27 07:59 - 2015-05-29 20:32 - 00000080 _____ C:\Users\Carsten\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
2015-05-27 07:59 - 2015-05-27 07:59 - 00000000 ____D C:\Users\Carsten\Documents\Rockstar Games
2015-05-27 07:59 - 2015-05-27 07:59 - 00000000 ____D C:\Users\Carsten\AppData\Local\Rockstar Games
2015-05-27 07:59 - 2015-05-27 07:59 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-05-27 07:58 - 2015-05-27 07:58 - 00000000 ____D C:\Program Files\Rockstar Games
2015-05-26 16:05 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-26 16:05 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 21:36 - 2015-06-12 11:52 - 00000000 ____D C:\Program Files (x86)\Talking Tom Cat Kid Ginger
2015-05-24 15:34 - 2015-06-11 12:28 - 00003452 _____ C:\Windows\System32\Tasks\Ororubeovbren
2015-05-24 15:34 - 2015-05-24 15:34 - 00000000 ____D C:\ProgramData\Ororubeovbren

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 21:47 - 2014-12-25 15:43 - 00000074 _____ C:\Users\Carsten\AppData\Roaming\sp_data.sys
2015-06-19 21:47 - 2014-06-24 18:46 - 01469632 _____ C:\Windows\WindowsUpdate.log
2015-06-19 21:46 - 2014-12-27 16:17 - 00000000 ___RD C:\Users\Carsten\OneDrive
2015-06-19 21:44 - 2015-05-02 10:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-19 21:44 - 2013-12-13 05:57 - 00344186 _____ C:\Windows\PFRO.log
2015-06-19 21:44 - 2013-08-22 16:46 - 00034950 _____ C:\Windows\setupact.log
2015-06-19 21:44 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 21:44 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-19 21:43 - 2014-12-26 12:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-19 21:37 - 2014-12-25 15:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3715676092-2590170253-164830291-1001
2015-06-19 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-19 20:29 - 2015-02-13 16:56 - 00000000 ____D C:\Program Files (x86)\alt-Mozilla Firefox
2015-06-19 20:28 - 2014-12-25 21:26 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2015-06-19 20:27 - 2015-02-20 23:38 - 00000000 ____D C:\Users\Carsten\Desktop\game
2015-06-19 20:18 - 2014-12-26 22:43 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-19 20:17 - 2014-12-28 16:35 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-19 19:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-19 19:42 - 2013-12-13 06:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-19 19:42 - 2013-12-13 06:11 - 00000000 ____D C:\ProgramData\WildTangent
2015-06-19 19:42 - 2013-12-13 06:11 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-06-19 19:36 - 2014-06-24 18:59 - 00000000 ____D C:\ProgramData\McAfee
2015-06-19 19:29 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-19 19:24 - 2014-12-26 16:26 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-17 23:05 - 2015-05-02 10:27 - 00000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-17 23:05 - 2015-03-07 18:54 - 00001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-17 23:05 - 2015-01-16 19:58 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2015-06-16 12:55 - 2015-05-03 10:21 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-16 12:55 - 2015-05-03 10:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-16 09:43 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-15 14:22 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-14 20:56 - 2015-02-22 18:06 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\9CCE64D0-1424624809-81F5-2400-7824AF296216
2015-06-14 09:42 - 2015-02-22 18:53 - 00000000 ____D C:\ProgramData\EDOlmOnyl
2015-06-14 08:12 - 2015-02-22 18:20 - 00000129 _____ C:\Users\Carsten\AppData\Roaming\WB.CFG
2015-06-14 08:12 - 2013-12-13 13:04 - 00773008 _____ C:\Windows\system32\perfh007.dat
2015-06-14 08:12 - 2013-12-13 13:04 - 00162310 _____ C:\Windows\system32\perfc007.dat
2015-06-14 08:12 - 2013-12-13 06:09 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-13 08:34 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-12 21:46 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-12 19:55 - 2013-08-22 16:44 - 00338016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 19:52 - 2015-04-13 08:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-12 19:52 - 2015-04-13 08:33 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-12 19:52 - 2014-12-26 19:33 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 19:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 14:37 - 2014-12-25 20:47 - 00000000 ____D C:\ProgramData\iolo
2015-06-12 14:32 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-12 13:47 - 2015-03-28 17:04 - 00000000 ____D C:\tmp
2015-06-12 13:22 - 2015-03-07 18:54 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-11 13:14 - 2015-04-08 08:53 - 00000000 ____D C:\Program Files (x86)\Permanent Readability
2015-06-11 12:57 - 2015-03-07 18:55 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1425747289
2015-06-11 12:43 - 2014-12-26 12:26 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-07 10:12 - 2014-12-25 15:41 - 00000000 ____D C:\Users\Carsten
2015-06-03 18:18 - 2015-05-03 10:19 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-05-03 10:19 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 10:04 - 2014-12-26 12:28 - 00000000 ____D C:\Users\Carsten\AppData\Roaming\.minecraft
2015-05-29 09:04 - 2014-06-24 18:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-05-29 06:11 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-27 00:04 - 2014-12-26 19:33 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-26 08:59 - 2015-01-16 19:58 - 00000000 ____D C:\Users\Carsten\AppData\Local\Warframe
2015-05-26 08:57 - 2015-03-08 11:07 - 00054112 _____ C:\Windows\DirectX.log
2015-05-25 13:44 - 2014-12-26 12:44 - 00000000 ____D C:\ProgramData\Origin
2015-05-25 13:40 - 2014-12-26 12:44 - 00000000 ____D C:\Program Files (x86)\Origin
2015-05-24 21:06 - 2013-08-22 22:59 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2014-12-25 15:43 - 2015-06-19 21:47 - 0000074 _____ () C:\Users\Carsten\AppData\Roaming\sp_data.sys
2015-02-22 18:20 - 2015-06-14 08:12 - 0000129 _____ () C:\Users\Carsten\AppData\Roaming\WB.CFG
2015-03-06 20:11 - 2015-03-06 20:11 - 0274045 _____ () C:\Users\Carsten\AppData\Local\dsi1.dat
2015-03-06 20:11 - 2015-03-06 20:11 - 0161916 _____ () C:\Users\Carsten\AppData\Local\dsi2.dat
2015-05-02 11:05 - 2015-05-02 11:05 - 0000000 _____ () C:\Users\Carsten\AppData\Local\Temp.dat
2014-06-24 18:50 - 2014-06-24 18:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 06:09 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 06:09 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 06:09 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Carsten\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-14 12:35

==================== End of log ============================

FRST Additions Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Carsten at 2015-06-19 21:48:17
Running from C:\Users\Carsten\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3715676092-2590170253-164830291-500 - Administrator - Disabled)
Carsten (S-1-5-21-3715676092-2590170253-164830291-1001 - Administrator - Enabled) => C:\Users\Carsten
Gast (S-1-5-21-3715676092-2590170253-164830291-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3715676092-2590170253-164830291-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.7 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Blender (HKLM\...\Blender) (Version: 2.73a - Blender Foundation)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version: - Sledgehammer Games)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version: - Sledgehammer Games)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.128 - Electronic Arts, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GoHDV07.03 (HKLM-x32\...\GoHDV07.03) (Version: 1.36.01.22 - InstallMoonV07.03) <==== ATTENTION!
Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version: - Monolith Productions, Inc.)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.3 - iolo technologies, LLC)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
NVIDIA Graphics Driver 332.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.85 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Overlord (HKLM-x32\...\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}) (Version: 1.00.0606 - Codemasters)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Permanent Readability (HKLM-x32\...\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}) (Version: - "") <==== ATTENTION
Phone To Desktop (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version: - "")
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Warframe (HKLM-x32\...\{CBFC50BE-963E-464B-A20E-8031064B647F}) (Version: 1.0.0 - Digital Extremes)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3715676092-2590170253-164830291-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3715676092-2590170253-164830291-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E76E5D-A9A7-4656-9CF0-C21BFD9722DE} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {0B806867-7677-4779-8D68-19838AE82F36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {10669899-3CFC-4C77-B215-A635A440A2E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {11899337-2077-46AE-A5C5-1BE3C5190AC0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {195A06DC-DDD1-478F-A62C-208F73090080} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {1F488469-7C4C-4EFD-8054-BF35F69160CC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)
Task: {2A862315-89E0-4E04-8377-65C2DBD690BF} - System32\Tasks\{56A2E47B-41EE-408C-A573-8F3B696F1CA8} => pcalua.exe -a "C:\Program Files (x86)\gmsd_de_245\unins000.exe"
Task: {2B728A11-6CAA-4F2E-8E92-F86E0A1F535F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {309C526C-223F-4358-85F1-17916022FB1F} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-01-03] ()
Task: {3B41E8F5-4ACF-4284-8DB9-BC0B65F7D331} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {3BABC33E-CB92-4856-B233-0B4039AEFAFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {43BB3A43-CED8-4689-AD10-743679D0E09D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {44322FA6-EF9A-4E60-8BE7-E83C2D5BEB3D} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-06-19] ()
Task: {50F3F757-8EEC-4960-8C1F-A134745D7405} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {573F8C82-8EF9-4799-B7B4-EF3C63D29382} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-09-30] (iolo technologies, LLC)
Task: {73F590F3-4A68-46AB-88E1-836DE53DE8EE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {78F98D9E-2E2B-407A-A1FE-E1FB6DAF8823} - System32\Tasks\Ororubeovbren => C:\ProgramData\Ororubeovbren\1.0.1.0\owsopnuf.exe
Task: {950F3B99-A2C7-4C8D-9DB0-CC77753861B0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {AB9DDD17-D9F8-4C90-83BE-1B4005446876} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B28E57EB-5F3C-477F-B010-A224BD9F7611} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-01-03] (ASUS)
Task: {CEA4FD0F-6D45-40AB-B0EB-2F128BCCB60C} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {D392893A-451C-4A22-A4E0-D256EF7FF4A9} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {D71B6004-51C9-49FD-B8B5-18F7D2308EB9} - System32\Tasks\Opera scheduled Autoupdate 1425747289 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {E59002CE-0512-4DAF-8E7B-EA072E10ED64} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {EFBE14B2-2CDB-4103-8EDC-269D5400EDDA} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-06-19] ()
Task: {F93206B7-9446-444B-81C3-8CD2399AB484} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-24 18:47 - 2014-03-13 21:26 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-03 18:26 - 2014-01-03 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-01-03 18:26 - 2014-01-03 18:26 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-05-23 04:10 - 2014-03-18 05:10 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2013-08-16 10:25 - 2013-08-16 10:25 - 00063296 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
2013-10-08 21:41 - 2013-10-08 21:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 19:23 - 2013-09-09 19:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Carsten\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Carsten\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3715676092-2590170253-164830291-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Carsten\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B6FE40B7-E75C-454B-99C3-C03FC0977895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0403AAEE-E1FD-4C6A-99AC-FE2CEAF7AB18}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E7F6EC47-7198-4E61-86A4-94641855CF26}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AA49F4F-4379-4AE0-A10D-40F4DE044DE9}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{A931A845-2A59-49E6-9D67-EA530F1A62DA}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{BA40F246-2582-4B92-8B43-BE2E6F24D4B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FFAB011-B266-421C-B3F3-089EAE37621B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A352D13-24C2-4196-A64B-79ED7A9DBCE3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{29CB139D-C3D7-46BA-9308-231D629E713E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84F2A8C7-400E-42E4-A9C3-EE9DE0124430}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{E2BA8DF2-A321-460D-8B71-6735925B0F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{64107B5C-F585-4E52-9252-08B11AD21762}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{F4BFFECD-AC7D-45E8-BC9D-EAD35C8ABAFE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{93047F7E-31BE-41F8-A2C5-1360F1B76C71}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{86C11859-BBB5-4742-BB7A-B171066ABE69}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D7172423-BBF4-4C5C-8988-6A6C4441DB1B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7968B729-98AD-48FA-92A1-720237B527DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D8F35AD5-5077-4BA6-A25E-09924F8FF07D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0B1BE725-7557-4573-892F-D77516C23747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Impostors.exe
FirewallRules: [{503B0A43-8BED-41A0-8FF8-A176C3709466}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Impostors.exe
FirewallRules: [{B609F0A8-B160-4799-8C9D-166D54255DD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe
FirewallRules: [{61087F73-EF82-4608-903C-9C5E5664B2F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gotham City Impostors F2P\Engine.exe
FirewallRules: [{DA468C44-4B8F-44C6-A08F-C1E6EF305D1C}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{22C4DDC9-90AC-470C-9C49-8784DCE5DF85}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{8AB50EA5-7227-47E4-BD3D-E41E1CD2AD4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [{9030925A-3E72-4B04-9FD5-15FB628C5973}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [{62558EAF-2BB7-4769-851C-BFCD441881F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{899F6E69-912C-4E32-BA6A-677BCD6DBB70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{7638F50B-5AB9-4A87-A732-029F3848EAC8}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{EF2818E5-178B-4678-BC6B-0D57D07BF6E7}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{D379BA1D-AE17-4973-81B2-47C76E43F9D6}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{7E2508E3-28C6-460C-B517-4F5474E9D053}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{5641BB5F-27A6-49B1-93EA-06532C33F766}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{1FF9D063-25D8-4A83-A065-A6A7EE602202}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{D3B80A1D-54D6-4C9C-ADFE-ABDC66A3F9BF}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{5495F61F-C26B-43A9-A164-8483CAD11CE8}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{9483A5A2-C7A0-4482-B92E-215E65D0ADF8}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{17FC8E2A-A378-48D3-8B1F-C3F551377C32}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{20EE8D26-1274-4782-887E-B241FEE83376}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{B5E23D3A-B8D4-4178-9863-7DF756530D32}] => (Allow) C:\Users\Carsten\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{3CCC5713-A93B-45D5-9158-279A01A2E45A}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{8A67030D-A9DA-4075-9069-DC4DCE2FFBB8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{1FD34BED-BD64-4A79-82DD-24130F86D528}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{88BCBC43-8993-472A-AA81-5ED28B3CD90C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB6F8AD3-D8A1-4A7E-B8AF-28B4A4F06327}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3819354-E87D-43B0-B0DB-EA575D8500B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{08F7F1E3-AB64-4176-9F29-FFDEAFCF0439}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{510D37D6-4F4B-4903-BA90-FFD2151819BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{BFF2BA5F-C714-4CD9-94F8-B11A35A5AEA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6B29AB21-3B56-4C2A-91D9-94B84D116177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{B4A135F1-C581-45EB-8B58-3F03741C838C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3546596D-CEC5-443D-9A3C-C04A5654A812}] => (Allow) C:\Program Files (x86)\alt-Mozilla Firefox\firefox.exe
FirewallRules: [{FA5375BB-B4E8-4C50-BE99-4FCFFA18CD8B}] => (Allow) C:\Program Files (x86)\alt-Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2015 09:36:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1278
Startzeit: 01d0aac676607072
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 7ad3896c-16ba-11e5-8305-7824af296216
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/19/2015 09:26:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9b8
Startzeit: 01d0aac516c291ca
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 10f9596c-16b9-11e5-8305-7824af296216
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/19/2015 08:58:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: fb8 Startzeit: 01d0aac13ddb4706 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 3169697f-16b5-11e5-8305-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/19/2015 08:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1758 Startzeit: 01d0aabf2571385f Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 18ee7384-16b3-11e5-8305-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/19/2015 08:38:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARSTEN) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/19/2015 08:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1010 Startzeit: 01d0aabd54a60ea2 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 48ba5bae-16b1-11e5-8305-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/19/2015 08:07:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c28 Startzeit: 01d0aaba28d47df6 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 1c51b01e-16ae-11e5-8304-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/19/2015 08:05:08 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/19/2015 07:53:50 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12f4 Startzeit: 01d0aab82e184efb Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 23310046-16ac-11e5-8304-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/19/2015 07:43:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f60 Startzeit: 01d0aab6ca66b349 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: be36f295-16aa-11e5-8303-7824af296216 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (06/19/2015 09:32:38 PM) (Source: DCOM) (EventID: 10016) (User: CARSTEN) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}CarstenCarstenS-1-5-21-3715676092-2590170253-164830291-1001LocalHost (unter Verwendung von LRPC)Microsoft.BingNews_3.0.4.322_x64__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257 Error: (06/19/2015 08:56:54 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (06/19/2015 07:29:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Validation Trust Protection Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/19/2015 07:28:45 PM) (Source: DCOM) (EventID: 10010) (User: CARSTEN) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/19/2015 07:28:15 PM) (Source: DCOM) (EventID: 10010) (User: CARSTEN) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/19/2015 07:12:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. 
Error: (06/17/2015 11:15:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/17/2015 11:15:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 11:15:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2015 11:15:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
==================== Memory info 
=========================== Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Percentage of memory in use: 22% Total physical RAM: 8075.43 MB Available physical RAM: 6226 MB Total Pagefile: 16779.43 MB Available Pagefile: 14808.84 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:61.42 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: D3893E84) Partition: GPT Partition Type. ==================== End of log ============================
19.06.2015, 21:01 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win8.1 Internet keeps opening new pages
FRST fix
Please disable your virus scanner completely now, to make sure that the fix runs through cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {1F81E7D8-EAD3-463C-8209-858DEC5E4FDD} -> No File
BHO: No Name -> {34D0826E-7DC1-4B54-90ED-191A60ADA6A1} -> No File
BHO: No Name -> {70FDDD11-A146-4C0F-A4DA-8A8F25DB87B3} -> No File
BHO: No Name -> {e5500ead-9940-45ff-8d34-d97dd41ababe} -> No File
BHO: No Name -> {EC9F8CAB-2247-4F36-BCE7-3DFD2447DC9E} -> No File
BHO: No Name -> {F4734433-9CAE-423E-B8E2-9BDF2454A795} -> No File
BHO: No Name -> {F56950E1-4EFE-46D0-A9A1-36C423DBD37B} -> No File
FF SelectedSearchEngine: delta-homes
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Carsten\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.delta-homes.com/?type=sc&ts=1434105950&z=766685ec54ab49f54f76b6dg6z6c3z2gee0w0tac1o&from=ient06122&uid=ST1000LM024XHN-M101MBB_S32XJ9BF501796
C:\Windows\System32\Tasks\{56A2E47B-41EE-408C-A573-8F3B696F1CA8}
C:\Users\Carsten\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
C:\Users\Carsten\AppData\Roaming\9CCE64D0-1424624809-81F5-2400-7824AF296216
C:\ProgramData\EDOlmOnyl
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
20.06.2015, 10:41 | #22 |
| win8.1 Internet keeps opening new pages Hello cosinus, I have disabled Malwarebytes and turned down Emsisoft, here is Fixlog.txt Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Carsten at 2015-06-20 11:33:47 Run:1
Running from C:\Users\Carsten\Desktop
Loaded Profiles: Carsten (Available Profiles: Carsten)
Boot Mode: Normal
==============================================
fixlist content:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {1F81E7D8-EAD3-463C-8209-858DEC5E4FDD} -> No File
BHO: No Name -> {34D0826E-7DC1-4B54-90ED-191A60ADA6A1} -> No File
BHO: No Name -> {70FDDD11-A146-4C0F-A4DA-8A8F25DB87B3} -> No File
BHO: No Name -> {e5500ead-9940-45ff-8d34-d97dd41ababe} -> No File
BHO: No Name -> {EC9F8CAB-2247-4F36-BCE7-3DFD2447DC9E} -> No File
BHO: No Name -> {F4734433-9CAE-423E-B8E2-9BDF2454A795} -> No File
BHO: No Name -> {F56950E1-4EFE-46D0-A9A1-36C423DBD37B} -> No File
FF SelectedSearchEngine: delta-homes
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Carsten\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.delta-homes.com/?type=sc&ts=1434105950&z=766685ec54ab49f54f76b6dg6z6c3z2gee0w0tac1o&from=ient06122&uid=ST1000LM024XHN-M101MBB_S32XJ9BF501796
C:\Windows\System32\Tasks\{56A2E47B-41EE-408C-A573-8F3B696F1CA8}
C:\Users\Carsten\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
C:\Users\Carsten\AppData\Roaming\9CCE64D0-1424624809-81F5-2400-7824AF296216
C:\ProgramData\EDOlmOnyl
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:
*****************
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F81E7D8-EAD3-463C-8209-858DEC5E4FDD}" => key removed successfully
HKCR\CLSID\{1F81E7D8-EAD3-463C-8209-858DEC5E4FDD} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34D0826E-7DC1-4B54-90ED-191A60ADA6A1}" => key removed successfully
HKCR\CLSID\{34D0826E-7DC1-4B54-90ED-191A60ADA6A1} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70FDDD11-A146-4C0F-A4DA-8A8F25DB87B3}" => key removed successfully
HKCR\CLSID\{70FDDD11-A146-4C0F-A4DA-8A8F25DB87B3} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5500ead-9940-45ff-8d34-d97dd41ababe}" => key removed successfully
HKCR\CLSID\{e5500ead-9940-45ff-8d34-d97dd41ababe} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC9F8CAB-2247-4F36-BCE7-3DFD2447DC9E}" => key removed successfully
HKCR\CLSID\{EC9F8CAB-2247-4F36-BCE7-3DFD2447DC9E} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4734433-9CAE-423E-B8E2-9BDF2454A795}" => key removed successfully
HKCR\CLSID\{F4734433-9CAE-423E-B8E2-9BDF2454A795} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F56950E1-4EFE-46D0-A9A1-36C423DBD37B}" => key removed successfully
HKCR\CLSID\{F56950E1-4EFE-46D0-A9A1-36C423DBD37B} => key not found.
Firefox SelectedSearchEngine removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => value restored successfully
C:\Windows\System32\Tasks\{56A2E47B-41EE-408C-A573-8F3B696F1CA8} => moved successfully.
C:\Users\Carsten\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 => moved successfully.
C:\Users\Carsten\AppData\Roaming\9CCE64D0-1424624809-81F5-2400-7824AF296216 => moved successfully.
C:\ProgramData\EDOlmOnyl => moved successfully.
C:\ProgramData\SetStretch.exe => moved successfully.
C:\ProgramData\SetStretch.VBS => moved successfully.
EmptyTemp: => 698.1 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 11:34:26 ====
20.06.2015, 22:46 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win8.1 Internet keeps opening new pages Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
21.06.2015, 10:53 | #24 |
| win8.1 Internet keeps opening new pages Hello cosinus, here are the two logs: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 21.06.2015
Suchlauf-Zeit: 10:48:19
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.06.21.01
Rootkit Datenbank: v2015.06.15.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Carsten
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 354310
Verstrichene Zeit: 8 Min, 15 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 2
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [1342beff8dfde155b0981a79689df010],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [dd78615c35555adcdef72666f1148b75],
Registrierungswerte: 1
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, In Quarantäne, [460f2c911d6deb4b2358a1567f84b050]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 2
PUP.Optional.Amonetize.A, C:\ProgramData\Ororubeovbren\1.0.1.0, In Quarantäne, [73e2f3ca008a53e36dc998f9c73e54ac],
PUP.Optional.Amonetize.A, C:\ProgramData\Ororubeovbren, In Quarantäne, [73e2f3ca008a53e36dc998f9c73e54ac],
Dateien: 4
PUP.Optional.Binkiland.C, C:\Users\Carsten\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, In Quarantäne, [3322318cb9d1aa8c046c24d3c83b7d83],
PUP.Optional.Amonetize.A, C:\ProgramData\Ororubeovbren\1.0.1.0\owsopnuf.exe.config, In Quarantäne, [73e2f3ca008a53e36dc998f9c73e54ac],
PUP.Optional.Amonetize.A, C:\ProgramData\Ororubeovbren\1.0.1.0\sqlite3.dll, In Quarantäne, [73e2f3ca008a53e36dc998f9c73e54ac],
PUP.Optional.Amonetize.A, C:\ProgramData\Ororubeovbren\dat.dat, In Quarantäne, [73e2f3ca008a53e36dc998f9c73e54ac],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
Code:
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=4e8bb6ae28912446892d7d0f6bb05ea2 # end=init # utc_time=2015-06-14 07:38:18 # local_time=2015-06-14 09:38:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 24326 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=4e8bb6ae28912446892d7d0f6bb05ea2 # end=updated # utc_time=2015-06-14 07:44:08 # local_time=2015-06-14 09:44:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=4e8bb6ae28912446892d7d0f6bb05ea2 # engine=24326 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-14 08:54:17 # local_time=2015-06-14 10:54:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware' # compatibility_mode=5130 16777214 100 97 295404 57797097 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 5402787 59196550 0 0 # scanned=169658 # found=53 # cleaned=0 # scan_time=4208 sh=5A10F30C11DCE52228B78385750B0B8BC1ABC042 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\shopperz\Firefox\chrome\content\main.js" sh=D0A9D71FB2746839657F53B7790A9D12B7488F3C ft=1 fh=7226839297776104 vn="Variante von Win64/Wajam.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WajaWebEnhancer\dlls\hiukruukbrkwhwf.dll" sh=0FA3E09F998F73201FC89F90976C7D38BB2799F5 ft=1 fh=ff3ae83e9f378824 vn="Variante von Win32/Wajam.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\WajaWebEnhancer\dlls\krbviomoehoo.dll" sh=91F6DE3BD128E81D98D7E7016C18F1464522EBFA ft=1 fh=dfb98c9bf8e3f52b vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\AspManager.exe" sh=7B1BBC535AFC41E5383C8E30551BF917BE2D49C5 ft=1 fh=2a22d10461edd281 vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\ASPUninstall.exe" sh=EE6638E1D28948B98D42EF9F5105436C2465DC76 ft=1 fh=e665d1984a140d5f vn="Variante von Win32/Systweak.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\Communication.dll" sh=9031A751F4CE18B2E780B832F3A16D3DCD7AE219 ft=1 fh=a8cc2f7d0a55a0f9 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\filetypehelper.exe" sh=91579A10DF3E04682DC5025F6A3B5017BF89EF84 ft=1 fh=9ba12d75b30fb8e0 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ASP\scandll.dll" sh=6203014D87EA0718C30902B0415181626893F0C1 ft=1 fh=ae6476f761e6425b vn="Win32/Packed.VMDetector.I evtl. 
21.06.2015, 21:37 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win8.1 Internet keeps opening new pages
FRST fix
Please disable your virus scanner completely now, to make sure the fix runs through cleanly!
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgohmfhlbipbcmmpdonacmkpibfghppn
C:\Windows\SysWOW64\LavasoftTcpService.dll
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
22.06.2015, 18:20 | #26 |
| win8.1 Internet keeps opening new pages
Hello cosinus, here is Fixlog.txt
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Carsten at 2015-06-22 19:14:20 Run:2
Running from C:\Users\Carsten\Desktop
Loaded Profiles: Carsten (Available Profiles: Carsten)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgohmfhlbipbcmmpdonacmkpibfghppn
C:\Windows\SysWOW64\LavasoftTcpService.dll
EmptyTemp:
*****************

C:\Users\Carsten\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgohmfhlbipbcmmpdonacmkpibfghppn => moved successfully.
"C:\Windows\SysWOW64\LavasoftTcpService.dll" => File/Folder not found.
EmptyTemp: => 39.7 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 19:14:21 ====
|
22.06.2015, 20:02 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win8.1 Internet keeps opening new pages
Looks OK so far.
Regarding cookies and other things on the web: To block this plague from the outset (i.e. tracking cookies, ad banners etc.), I recommend the Ghostery extension; it largely prevents user tracking and the display of ad banners.
Info: Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).
Apart from that there are good cookie managers; for Firefox, for example, there is the CookieCuller extension.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.
Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
23.06.2015, 14:08 | #28 |
| win8.1 Internet keeps opening new pages
Hello cosinus, thank you very much, everything seems to be running well. I can and will recommend you to others. The quick replies in particular are great! libaki |
23.06.2015, 14:27 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win8.1 Internet keeps opening new pages
Then we are done! If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Finally, we need to take a few more steps to clean up and secure your PC.
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.
Securing:
Enable automatic updates in the Windows operating system.
Security-relevant software should also always be present only in its latest version:
- Browser
- Java
- Flash Player
- PDF reader
Vulnerabilities in their old versions are exploited to install malware via "drive-by" when a manipulated website is merely visited. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use only one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to first uninstall it and then remove the leftovers with Adwcleaner.
Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Please always post log files in CODE tags |
25.06.2015, 21:21 | #30 |
| win8.1 Internet keeps opening new pages
Hello cosinus, I ran the programs over it as recommended. For virus protection I have GData from cobi. "system mechanic" does run, but it stops every time at 90% during the registry check. I suspect that the deletion of the restore points could have something to do with it, because in iolo they are still present. How should I proceed? Uninstalling and reinstalling "s-m" did not help. |