Plagegeister aller Art und deren Bekämpfung (malware of all kinds and how to fight it): Win32:Evo-gen, Windows 7

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#5

Win32:Evo-gen

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Fabian (ATTENTION: The logged in user is not administrator) on PC_FABIAN on 19-07-2015 12:33:29
Running from C:\Users\Fabian.PC_Fabian\Downloads
Loaded Profiles: Fabian (Available Profiles: AdminFabian & Fabian)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> stacsv64.exe
Failed to access process -> a2service.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> dasHost.exe
Failed to access process -> HeciServer.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> integratedoffice.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> GameScannerService.exe
Failed to access process -> svchost.exe
Failed to access process ->
SearchIndexer.exe Failed to access process -> wmpnetwk.exe Failed to access process -> svchost.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> svchost.exe Failed to access process -> iPodService.exe Failed to access process -> HPSA_Service.exe Failed to access process -> HPConnectedRemoteService.exe Failed to access process -> IntelMeFWService.exe Failed to access process -> LMS.exe Failed to access process -> UNS.exe Failed to access process -> csrss.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Failed to access process -> taskhost.exe Failed to access process -> ngentask.exe Failed to access process -> TrustedInstaller.exe Failed to access process -> conhost.exe Failed to access process -> TiWorker.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiApSrv.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> dwm.exe Failed to access process -> svchost.exe Failed to access process -> atieclxx.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Razer Inc.) 
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe Failed to access process -> taskeng.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> SearchFilterHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard) HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [439488 2013-07-09] (Microsoft Corporation) HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6c1ad802-e2fd-464c-9369-8a947592b2a8.exe [183232 2015-06-23] (AVAST Software) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\Run: [SkyDrive] => C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-12-07] (Microsoft Corporation) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" Startup: C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013-03-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013-03-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.janosch-nietlispach.ch/news HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> DefaultScope {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-02-06] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22] (Avast Software s.r.o.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-02-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A8851342-14E7-401D-B490-4A2FE92AFB41}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Fabian.PC_Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\yvaouxkb.default FF Homepage: hxxp://www.janosch-nietlispach.ch/news FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-06] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1392978341-1441607686-3862372307-1006: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06] Chrome: ======= CHR Profile: C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-19] CHR Extension: (Google Docs) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-19] CHR Extension: (Google Drive) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-19] CHR Extension: (YouTube) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-19] CHR Extension: (Google Search) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-19] CHR Extension: (Google Sheets) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-19] CHR Extension: (Avast Online Security) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-19] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19] CHR Extension: (Google Wallet) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-19] CHR Extension: (Gmail) - C:\Users\Fabian.PC_Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-19] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) 
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed] R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1855064 2012-11-23] (Microsoft Corporation) R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2014-10-03] () R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-22] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH) R3 fwndis; C:\Windows\system32\DRIVERS\fwndis64.sys [491632 2015-01-01] () R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-19 12:33 - 2015-07-19 12:33 - 00022152 _____ C:\Users\Fabian.PC_Fabian\Downloads\FRST.txt 2015-07-19 12:32 - 2015-07-19 12:33 - 00000000 ____D C:\FRST 2015-07-19 12:30 - 2015-07-19 12:32 - 02134528 _____ (Farbar) C:\Users\Fabian.PC_Fabian\Desktop\FRST64.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-19 12:29 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2015-07-18 16:25 - 2015-06-11 22:42 - 00000080 _____ C:\Users\Fabian.PC_Fabian\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2015-07-17 18:08 - 2013-02-16 21:06 - 00565248 ___SH C:\Users\Fabian.PC_Fabian\Desktop\Thumbs.db 2015-07-17 18:01 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2015-07-17 17:45 - 2015-06-11 20:18 - 00000080 _____ C:\Users\AdminFabian\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2015-07-17 17:44 - 2015-06-11 20:03 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-07-17 17:43 - 2015-06-11 18:10 - 00000000 ____D C:\Program Files\Rockstar Games 2015-07-17 17:06 - 2012-10-23 19:37 - 00724412 _____ C:\windows\system32\perfh007.dat 2015-07-17 17:06 - 2012-10-23 19:37 - 00163214 _____ C:\windows\system32\perfc007.dat 2015-07-17 17:06 - 2012-07-26 09:28 - 01734152 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-30 12:48 - 2012-07-26 09:21 - 00437724 _____ C:\windows\setupact.log 2015-06-29 21:35 - 2015-03-31 20:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Internet Security 2015-06-29 21:34 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-27 12:12 - 2013-02-06 22:21 - 00442264 _____ (Avast Software s.r.o.) 
C:\windows\system32\Drivers\aswsp.sys
2015-06-27 12:10 - 2013-02-05 21:25 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Local\Packages
2015-06-24 21:39 - 2013-10-31 21:06 - 1023489228 _____ C:\windows\MEMORY.DMP
2015-06-24 21:39 - 2013-10-23 21:17 - 00000000 ____D C:\windows\Minidump
2015-06-23 20:30 - 2013-12-09 21:11 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Roaming\TS3Client
2015-06-21 08:47 - 2012-08-01 19:02 - 00742100 _____ C:\windows\PFRO.log

==================== Files in the root of some directories =======

2013-02-02 18:13 - 2013-02-02 18:13 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\AdminFabian\AppData\Local\Temp\GTA_V_Patch_1_0_372_2.exe
C:\Users\Fabian.PC_Fabian\AppData\Local\Temp\GTA_V_Patch_1_0_393_2.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Fabian at 2015-07-19 12:34:03
Running from C:\Users\Fabian.PC_Fabian\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

AdminFabian (S-1-5-21-1392978341-1441607686-3862372307-1005 - Administrator - Enabled) => C:\Users\AdminFabian
Administrator (S-1-5-21-1392978341-1441607686-3862372307-500 - Administrator - Disabled)
Fabian (S-1-5-21-1392978341-1441607686-3862372307-1006 - Limited - Enabled) => C:\Users\Fabian.PC_Fabian
Gast (S-1-5-21-1392978341-1441607686-3862372307-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1392978341-1441607686-3862372307-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Internet Security (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Internet Security (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Emsisoft Internet Security (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) eTax.zug 2014 nP 1.3.0 (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\8452-4068-1171-2815) (Version: 1.3.0 - Information Factory AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company) HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) 
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4454.1004 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.6 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.6 (x86 de)) (Version: 38.0.6 - Mozilla) NWZ-E450 WALKMAN Guide (HKLM-x32\...\{0A6C2811-AD29-473F-8086-F0B401276DEC}) (Version: 2.1.0.17210 - Sony Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 
16.4.3505.0912 - Microsoft Corporation) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) RecImgManager (HKLM-x32\...\{1ECC3992-5E46-4A3B-823F-4228D5B05A83}) (Version: 2.0.26222 - SlimWare Utilities, Inc.) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games) SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2015-03-23 19:52 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2012-07-04 22:37 - 2012-07-04 22:37 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "SkyDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBB1C137-790B-486B-A9C9-27B435B298F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{293ABFA0-F8E4-4BEE-989D-E9F5BB71FA8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF3D2D61-C87A-4D43-9E52-1D6ABDD4012F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F2898FF-636E-494A-A285-C5E36AF9CFB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C008179C-4E73-43B3-AE1F-761536965182}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{D559845D-EA90-49AC-AA22-87A9048E0C3F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B90066BF-D10D-4365-B161-3D91EABEC775}] => (Allow) C:\Users\AdminFabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{2DFB5855-1A34-43A2-BA35-A329FC85E85C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{18FCFA59-65A8-4E08-AFF7-D175F3A69EB5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe 
FirewallRules: [{5DEA5977-AAE4-4705-9CBE-A522CEDE88E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{89579F59-EFB0-4DCB-9C86-C2F2213A110A}] => (Allow) LPort=2869 FirewallRules: [{5F8EE66C-73FF-4440-ACC8-26DEF876E66E}] => (Allow) LPort=1900 FirewallRules: [{DB8A88AE-0600-4295-88EC-70C0BC252A00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{05F57B78-2520-4FA8-AE37-EED4AA648917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{7E4CE3E0-E0A1-4ADF-BB67-48FEF13A388F}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [UDP Query User{EAC1CAEE-90CA-4D75-A471-EF0E268AFF38}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [{EF607449-0DA6-4A67-916B-36757CB05CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [{E5A994C9-B85E-42E6-BBFB-1BF6E259E16C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [TCP Query User{9A101C02-AFA2-4EE8-9018-012E365F5DE4}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [UDP Query User{ED0CF3BB-BC4A-42C6-95CF-60F7B18D1A31}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files 
(x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [TCP Query User{46220C03-5BE5-4E16-87E1-4644B21A49CF}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [UDP Query User{FF72C7FF-F4E0-47F5-A1E0-ED12B2EC0FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{2516AA43-DAD4-47EE-9345-8B815227CA08}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{658CEDA9-859B-4117-8EA9-8DB4A7CE1EB4}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{25B7CD5D-C18C-429B-B8B9-BE64640530EC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B433DBEC-8EA6-45B9-8863-060CE099D8CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A8BDCF14-4299-4204-AF95-DC0772D6620B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{56E884CE-DB2E-45A7-A827-87BB7B549121}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4B47B08A-E461-45C5-87F3-0A8F0F53A797}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CEEF249C-ED01-4EEE-81C3-0C4FF075B9AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{FB00654F-36F9-4054-A5FC-D3F89A90DE62}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{397D4BAD-B323-4520-A472-DE71F8919AAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{32DA7891-EFD1-429C-8BEC-3E009F8C7293}] => (Allow) C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0A374E77-62D3-4697-A0DD-4DB46E457235}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F8555F4A-E8B3-42BC-BA6C-057D3DB93E3B}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{8DE04DB3-882A-41C6-BBF4-56BCABCB5FDD}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{371E1ECE-4267-4F1F-8CE3-3EBA990F67EA}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{190D422E-BD7E-4A1E-ACFF-347D2861C676}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{45106DB0-6892-468E-9F21-01376780DEF8}] => (Allow) LPort=53000 FirewallRules: [{F28299A8-998B-423C-9BF7-BA6745319FAD}] => (Allow) LPort=52000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2015 12:28:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x1214 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/19/2015 12:28:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: 
v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (07/18/2015 02:48:27 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. 
Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (07/18/2015 02:48:26 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (07/18/2015 02:14:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x2ee4 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/18/2015 02:14:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/17/2015 05:07:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x22e0 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/17/2015 05:07:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() System errors: ============= Error: (06/29/2015 09:35:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/29/2015 09:34:54 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (06/29/2015 09:34:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (06/29/2015 09:34:36 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.06.2015 um 19:57:07 unerwartet heruntergefahren. Error: (06/28/2015 05:11:18 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.10 mit dem Computer mit der Netzwerkhardwareadresse 20-68-9D-13-6C-7A ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. 
Error: (06/24/2015 09:39:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/24/2015 09:39:18 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (06/24/2015 09:39:14 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000139 (0x0000000000000003, 0xfffff880195ed1e0, 0xfffff880195ed138, 0x0000000000000000)C:\windows\MEMORY.DMP062415-21765-01 Error: (06/24/2015 09:39:12 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 24.06.2015 um 20:31:37 unerwartet heruntergefahren. Error: (06/24/2015 09:39:02 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Microsoft Office: ========================= Error: (07/19/2015 12:28:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e043435200010192121401d0c20daf0acd5aC:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dllf23ee23e-2e00-11e5-bef5-4c72b97327ec Error: (07/19/2015 12:28:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (07/18/2015 02:48:27 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (07/18/2015 02:48:26 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (07/18/2015 02:14:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e0434352000101922ee401d0c1533515bc07C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dll802a7d3b-2d46-11e5-bef5-4c72b97327ec Error: (07/18/2015 02:14:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/17/2015 05:07:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e04343520001019222e001d0c0a23b2965e0C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dll85f4919f-2c95-11e5-bef5-4c72b97327ec Error: (07/17/2015 05:07:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() CodeIntegrity Errors: =================================== Date: 2015-07-18 14:14:20.348 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-07-18 14:14:19.049 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-07-18 14:14:13.182 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
Date: 2015-06-30 12:47:31.609 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-30 12:47:30.812 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-30 12:47:27.874 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-26 13:06:11.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-26 13:06:09.031 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
Date: 2015-06-26 13:06:04.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-11 19:33:47.936 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Percentage of memory in use: 12% Total physical RAM: 16323.54 MB Available physical RAM: 14228.38 MB Total Virtual: 32707.54 MB Available Virtual: 29838.06 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1000.11 GB) (Free:833.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:11.98 GB) (Free:1.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive j: (Daten) (Fixed) (Total:849.45 GB) (Free:742.28 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of log ============================

Edit: I just noticed that I did not run FRST as administrator and wanted to redo it. Since I had Avast active again, FRST was again detected as a virus and moved to quarantine. Why is that? I have never had this problem with Avast before...
__________________
Regards, R4BBIT

Edited by R4BBIT (19.07.2015 at 12:33)