Pests of all kinds and how to combat them: Win32:Evo-gen | Windows 7 |
18.07.2015, 13:18 | #1 |
| Win32:Evo-gen Hello everyone,

Avast has apparently detected a virus a few times now during an update (its name is in the title). However, I have read on the internet that Evo-gen often also triggers by mistake... How do I find out what exactly this is? Can anyone help me with this? It is almost impossible that my PC is infected again, since I checked my computer with M-K-D-B only about a month ago...

Another problem is that Avast deleted the file immediately, and this in turn leads to two new problems:
1) I cannot update completely
2) The malicious file cannot be found

Thanks in advance
__________________ Regards, R4BBIT. 9 out of 10 people like beer... the 10th is lying |
18.07.2015, 13:32 | #2 |
/// the machine /// TB instructor | Win32:Evo-gen hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
18.07.2015, 13:39 | #3 |
| Win32:Evo-gen So, I was just about to download FRST-64 when Avast! raised the same alert as during the update (Win64:Evo-gen).
I then added this download as an exception, but Avast currently won't let me download anything from Filepony any more. The site itself still works fine, though...
__________________ |
19.07.2015, 05:50 | #4 |
/// the machine /// TB instructor | Win32:Evo-gen Disable Avast completely.
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
19.07.2015, 11:34 | #5 |
| Win32:Evo-gen FRST Logfile: Code:
Additional FRST Logfile: Code:
16.4.3505.0912 - Microsoft Corporation) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) RecImgManager (HKLM-x32\...\{1ECC3992-5E46-4A3B-823F-4228D5B05A83}) (Version: 2.0.26222 - SlimWare Utilities, Inc.) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games) SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2015-03-23 19:52 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2012-07-04 22:37 - 2012-07-04 22:37 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "SkyDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBB1C137-790B-486B-A9C9-27B435B298F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{293ABFA0-F8E4-4BEE-989D-E9F5BB71FA8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF3D2D61-C87A-4D43-9E52-1D6ABDD4012F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F2898FF-636E-494A-A285-C5E36AF9CFB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C008179C-4E73-43B3-AE1F-761536965182}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{D559845D-EA90-49AC-AA22-87A9048E0C3F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B90066BF-D10D-4365-B161-3D91EABEC775}] => (Allow) C:\Users\AdminFabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{2DFB5855-1A34-43A2-BA35-A329FC85E85C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{18FCFA59-65A8-4E08-AFF7-D175F3A69EB5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe 
FirewallRules: [{5DEA5977-AAE4-4705-9CBE-A522CEDE88E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{89579F59-EFB0-4DCB-9C86-C2F2213A110A}] => (Allow) LPort=2869 FirewallRules: [{5F8EE66C-73FF-4440-ACC8-26DEF876E66E}] => (Allow) LPort=1900 FirewallRules: [{DB8A88AE-0600-4295-88EC-70C0BC252A00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{05F57B78-2520-4FA8-AE37-EED4AA648917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{7E4CE3E0-E0A1-4ADF-BB67-48FEF13A388F}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [UDP Query User{EAC1CAEE-90CA-4D75-A471-EF0E268AFF38}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [{EF607449-0DA6-4A67-916B-36757CB05CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [{E5A994C9-B85E-42E6-BBFB-1BF6E259E16C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [TCP Query User{9A101C02-AFA2-4EE8-9018-012E365F5DE4}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [UDP Query User{ED0CF3BB-BC4A-42C6-95CF-60F7B18D1A31}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files 
(x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [TCP Query User{46220C03-5BE5-4E16-87E1-4644B21A49CF}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [UDP Query User{FF72C7FF-F4E0-47F5-A1E0-ED12B2EC0FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{2516AA43-DAD4-47EE-9345-8B815227CA08}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{658CEDA9-859B-4117-8EA9-8DB4A7CE1EB4}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{25B7CD5D-C18C-429B-B8B9-BE64640530EC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B433DBEC-8EA6-45B9-8863-060CE099D8CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A8BDCF14-4299-4204-AF95-DC0772D6620B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{56E884CE-DB2E-45A7-A827-87BB7B549121}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4B47B08A-E461-45C5-87F3-0A8F0F53A797}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CEEF249C-ED01-4EEE-81C3-0C4FF075B9AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{FB00654F-36F9-4054-A5FC-D3F89A90DE62}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{397D4BAD-B323-4520-A472-DE71F8919AAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{32DA7891-EFD1-429C-8BEC-3E009F8C7293}] => (Allow) C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0A374E77-62D3-4697-A0DD-4DB46E457235}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F8555F4A-E8B3-42BC-BA6C-057D3DB93E3B}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{8DE04DB3-882A-41C6-BBF4-56BCABCB5FDD}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{371E1ECE-4267-4F1F-8CE3-3EBA990F67EA}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{190D422E-BD7E-4A1E-ACFF-347D2861C676}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{45106DB0-6892-468E-9F21-01376780DEF8}] => (Allow) LPort=53000 FirewallRules: [{F28299A8-998B-423C-9BF7-BA6745319FAD}] => (Allow) LPort=52000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2015 12:28:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x1214 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/19/2015 12:28:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: 
v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (07/18/2015 02:48:27 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. 
Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (07/18/2015 02:48:26 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (07/18/2015 02:14:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x2ee4 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/18/2015 02:14:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/17/2015 05:07:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x22e0 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/17/2015 05:07:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() System errors: ============= Error: (06/29/2015 09:35:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/29/2015 09:34:54 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (06/29/2015 09:34:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (06/29/2015 09:34:36 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.06.2015 um 19:57:07 unerwartet heruntergefahren. Error: (06/28/2015 05:11:18 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.10 mit dem Computer mit der Netzwerkhardwareadresse 20-68-9D-13-6C-7A ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. 
Error: (06/24/2015 09:39:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/24/2015 09:39:18 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (06/24/2015 09:39:14 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000139 (0x0000000000000003, 0xfffff880195ed1e0, 0xfffff880195ed138, 0x0000000000000000)C:\windows\MEMORY.DMP062415-21765-01 Error: (06/24/2015 09:39:12 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 24.06.2015 um 20:31:37 unerwartet heruntergefahren. Error: (06/24/2015 09:39:02 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Microsoft Office: ========================= Error: (07/19/2015 12:28:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e043435200010192121401d0c20daf0acd5aC:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dllf23ee23e-2e00-11e5-bef5-4c72b97327ec Error: (07/19/2015 12:28:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (07/18/2015 02:48:27 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (07/18/2015 02:48:26 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (07/18/2015 02:14:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e0434352000101922ee401d0c1533515bc07C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dll802a7d3b-2d46-11e5-bef5-4c72b97327ec Error: (07/18/2015 02:14:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/17/2015 05:07:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e04343520001019222e001d0c0a23b2965e0C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dll85f4919f-2c95-11e5-bef5-4c72b97327ec Error: (07/17/2015 05:07:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() CodeIntegrity Errors: =================================== Date: 2015-07-18 14:14:20.348 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-07-18 14:14:19.049 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-07-18 14:14:13.182 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
Date: 2015-06-30 12:47:31.609 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-30 12:47:30.812 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-30 12:47:27.874 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-26 13:06:11.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-26 13:06:09.031 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
Date: 2015-06-26 13:06:04.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-11 19:33:47.936 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Percentage of memory in use: 12% Total physical RAM: 16323.54 MB Available physical RAM: 14228.38 MB Total Virtual: 32707.54 MB Available Virtual: 29838.06 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1000.11 GB) (Free:833.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:11.98 GB) (Free:1.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive j: (Daten) (Fixed) (Total:849.45 GB) (Free:742.28 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of log ============================
Edit: I just noticed that I had not run FRST as administrator and wanted to make up for that. Since I had Avast active again, FRST was again detected as a virus and moved to quarantine. What is causing this? I have never had this problem with Avast before...
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying Edited by R4BBIT (19.07.2015 at 12:33) |
20.07.2015, 07:28 | #6 |
/// the machine /// TB-Ausbilder | Win32:Evo-gen It's a current, generic false detection by Avast. Turn Avast off, run FRST in the admin account
__________________ --> Win32:Evo-gen |
20.07.2015, 11:06 | #7 |
| Win32:Evo-gen FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01 Ran by AdminFabian (administrator) on PC_FABIAN on 20-07-2015 12:05:33 Running from C:\Users\Fabian.PC_Fabian\Desktop Loaded Profiles: AdminFabian & Fabian (Available Profiles: AdminFabian & Fabian) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe (AMD) C:\Windows\System32\atieclxx.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Razer Inc.) 
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard) HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) 
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [439488 2013-07-09] (Microsoft Corporation) HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6c1ad802-e2fd-464c-9369-8a947592b2a8.exe [183232 2015-06-23] (AVAST Software) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\Run: [SkyDrive] => C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-12-07] (Microsoft Corporation) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall 
C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" Startup: C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013-03-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.janosch-nietlispach.ch/news HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 
-> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> DefaultScope {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-02-06] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22] (Avast Software s.r.o.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-02-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A8851342-14E7-401D-B490-4A2FE92AFB41}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-06] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed] R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1855064 2012-11-23] (Microsoft Corporation) R2 
PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2014-10-03] () R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-22] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-22] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH) R3 fwndis; C:\Windows\system32\DRIVERS\fwndis64.sys [491632 2015-01-01] () R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-20 12:04 - 2015-07-20 12:04 - 02134528 _____ (Farbar) C:\Users\Fabian.PC_Fabian\Desktop\FRST64.exe 2015-07-19 12:35 - 2015-07-20 12:05 - 00021015 _____ C:\Users\Fabian.PC_Fabian\Desktop\FRST.txt 2015-07-19 12:35 - 2015-07-19 12:35 - 00039570 _____ C:\Users\Fabian.PC_Fabian\Desktop\Addition.txt 2015-07-19 12:34 - 2015-07-19 12:34 - 00039570 _____ C:\Users\Fabian.PC_Fabian\Downloads\Addition.txt 2015-07-19 12:33 - 2015-07-19 12:34 - 00025888 _____ C:\Users\Fabian.PC_Fabian\Downloads\FRST.txt 2015-07-19 12:32 - 2015-07-20 12:05 - 00000000 ____D C:\FRST 2015-06-24 21:39 - 2015-06-24 21:39 - 00280008 _____ C:\windows\Minidump\062415-21765-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-19 19:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2015-07-19 17:45 - 2013-02-05 21:31 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1392978341-1441607686-3862372307-1006 2015-07-19 12:42 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2015-07-18 16:25 - 2015-06-11 22:42 - 00000080 _____ C:\Users\Fabian.PC_Fabian\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2015-07-17 18:08 - 2013-02-16 21:06 - 00565248 ___SH C:\Users\Fabian.PC_Fabian\Desktop\Thumbs.db 2015-07-17 17:45 - 2015-06-11 20:18 - 00000080 _____ C:\Users\AdminFabian\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2015-07-17 17:44 - 2015-06-11 20:03 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-07-17 17:43 - 2015-06-11 18:10 - 00000000 ____D C:\Program Files\Rockstar Games 2015-07-17 17:06 - 2012-10-23 19:37 - 00724412 _____ C:\windows\system32\perfh007.dat 2015-07-17 17:06 - 2012-10-23 19:37 - 00163214 _____ C:\windows\system32\perfc007.dat 2015-07-17 17:06 - 2012-07-26 09:28 - 01734152 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-30 17:55 - 2013-02-06 22:21 - 00004182 _____ C:\windows\System32\Tasks\avast! 
Emergency Update 2015-06-30 12:48 - 2012-07-26 09:21 - 00437724 _____ C:\windows\setupact.log 2015-06-29 21:35 - 2015-03-31 20:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Internet Security 2015-06-29 21:34 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-27 12:12 - 2013-02-06 22:21 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys 2015-06-27 12:10 - 2013-02-05 21:25 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Local\Packages 2015-06-24 21:39 - 2013-10-31 21:06 - 1023489228 _____ C:\windows\MEMORY.DMP 2015-06-24 21:39 - 2013-10-23 21:17 - 00000000 ____D C:\windows\Minidump 2015-06-23 20:30 - 2013-12-09 21:11 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Roaming\TS3Client 2015-06-21 08:47 - 2012-08-01 19:02 - 00742100 _____ C:\windows\PFRO.log ==================== Files in the root of some directories ======= 2013-02-02 18:13 - 2013-02-02 18:13 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some files in TEMP: ==================== C:\Users\AdminFabian\AppData\Local\temp\GTA_V_Patch_1_0_372_2.exe C:\Users\Fabian.PC_Fabian\AppData\Local\temp\GTA_V_Patch_1_0_393_2.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-30 12:46

==================== End of log ============================

Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01 Ran by AdminFabian at 2015-07-20 12:06:10 Running from C:\Users\Fabian.PC_Fabian\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= AdminFabian (S-1-5-21-1392978341-1441607686-3862372307-1005 - Administrator - Enabled) => C:\Users\AdminFabian Administrator (S-1-5-21-1392978341-1441607686-3862372307-500 - Administrator - Disabled) Fabian (S-1-5-21-1392978341-1441607686-3862372307-1006 - Limited - Enabled) => C:\Users\Fabian.PC_Fabian Gast (S-1-5-21-1392978341-1441607686-3862372307-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1392978341-1441607686-3862372307-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Internet Security (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Internet Security (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Emsisoft Internet Security (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) eTax.zug 2014 nP 1.3.0 (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\8452-4068-1171-2815) (Version: 1.3.0 - Information Factory AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company) HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) 
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4454.1004 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.6 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.6 (x86 de)) (Version: 38.0.6 - Mozilla) NWZ-E450 WALKMAN Guide (HKLM-x32\...\{0A6C2811-AD29-473F-8086-F0B401276DEC}) (Version: 2.1.0.17210 - Sony Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 
16.4.3505.0912 - Microsoft Corporation) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) RecImgManager (HKLM-x32\...\{1ECC3992-5E46-4A3B-823F-4228D5B05A83}) (Version: 2.0.26222 - SlimWare Utilities, Inc.) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games) SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

09-06-2015 17:32:30 Ende der Bereinigung
29-06-2015 18:28:47 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-03-23 19:52 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E1975F3-5D81-4CA8-8E07-168E2CD1DF5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-15] (Hewlett-Packard Company)
Task: {5F63D142-E881-4C1E-A6BB-D4956C70E5A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-20] (Avast Software s.r.o.)
Task: {74BEDB4E-487E-4F08-808D-3CD98A22F124} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {A1A2ED89-121A-490A-82B2-89AD676F45C0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {E0CF2BA3-882C-4D8E-9580-68B42A1AA8D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {F6E24018-619A-4763-9815-BEF6CF60CD7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {F7C59E27-327A-406B-8FAB-A1B6132D4BA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ============== 2013-02-05 23:21 - 2012-11-10 11:28 - 00382544 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00513600 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00607296 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-04-10 17:46 - 2015-02-06 20:08 - 00076152 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2012-07-04 22:37 - 2012-07-04 22:37 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll 2015-04-22 18:20 - 2015-04-22 18:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-22 18:20 - 2015-04-22 18:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-28 17:19 - 2015-06-28 17:19 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062800\algo.dll 2015-07-19 13:35 - 2015-07-19 13:35 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071900\algo.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-10-23 10:52 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-10-23 10:58 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2012-10-23 10:59 - 2009-02-19 18:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL 2015-04-22 18:20 - 2015-04-22 18:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "SkyDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBB1C137-790B-486B-A9C9-27B435B298F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{293ABFA0-F8E4-4BEE-989D-E9F5BB71FA8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF3D2D61-C87A-4D43-9E52-1D6ABDD4012F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F2898FF-636E-494A-A285-C5E36AF9CFB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C008179C-4E73-43B3-AE1F-761536965182}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{D559845D-EA90-49AC-AA22-87A9048E0C3F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B90066BF-D10D-4365-B161-3D91EABEC775}] => (Allow) C:\Users\AdminFabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{2DFB5855-1A34-43A2-BA35-A329FC85E85C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\WebKit2WebProcess.exe FirewallRules: [{18FCFA59-65A8-4E08-AFF7-D175F3A69EB5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5DEA5977-AAE4-4705-9CBE-A522CEDE88E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{89579F59-EFB0-4DCB-9C86-C2F2213A110A}] => (Allow) LPort=2869 FirewallRules: [{5F8EE66C-73FF-4440-ACC8-26DEF876E66E}] => (Allow) LPort=1900 FirewallRules: [{DB8A88AE-0600-4295-88EC-70C0BC252A00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{05F57B78-2520-4FA8-AE37-EED4AA648917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{7E4CE3E0-E0A1-4ADF-BB67-48FEF13A388F}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [UDP Query User{EAC1CAEE-90CA-4D75-A471-EF0E268AFF38}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [{EF607449-0DA6-4A67-916B-36757CB05CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [{E5A994C9-B85E-42E6-BBFB-1BF6E259E16C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [TCP Query User{9A101C02-AFA2-4EE8-9018-012E365F5DE4}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [UDP Query User{ED0CF3BB-BC4A-42C6-95CF-60F7B18D1A31}C:\program 
files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [TCP Query User{46220C03-5BE5-4E16-87E1-4644B21A49CF}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [UDP Query User{FF72C7FF-F4E0-47F5-A1E0-ED12B2EC0FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{2516AA43-DAD4-47EE-9345-8B815227CA08}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{658CEDA9-859B-4117-8EA9-8DB4A7CE1EB4}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{25B7CD5D-C18C-429B-B8B9-BE64640530EC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B433DBEC-8EA6-45B9-8863-060CE099D8CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A8BDCF14-4299-4204-AF95-DC0772D6620B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{56E884CE-DB2E-45A7-A827-87BB7B549121}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4B47B08A-E461-45C5-87F3-0A8F0F53A797}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CEEF249C-ED01-4EEE-81C3-0C4FF075B9AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{FB00654F-36F9-4054-A5FC-D3F89A90DE62}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{397D4BAD-B323-4520-A472-DE71F8919AAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => 
(Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{32DA7891-EFD1-429C-8BEC-3E009F8C7293}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0A374E77-62D3-4697-A0DD-4DB46E457235}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F8555F4A-E8B3-42BC-BA6C-057D3DB93E3B}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{8DE04DB3-882A-41C6-BBF4-56BCABCB5FDD}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{371E1ECE-4267-4F1F-8CE3-3EBA990F67EA}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{190D422E-BD7E-4A1E-ACFF-347D2861C676}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{45106DB0-6892-468E-9F21-01376780DEF8}] => (Allow) LPort=53000 FirewallRules: [{F28299A8-998B-423C-9BF7-BA6745319FAD}] => (Allow) LPort=52000 ==================== Faulty Device Manager Devices ============= Name: WAN Miniport (IPv6) - Emsisoft Firewall Miniport Description: Emsisoft Firewall Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Emsisoft Service: fwndis Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/20/2015 12:04:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0xf70 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/20/2015 12:04:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/19/2015 05:40:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x3088 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/19/2015 05:40:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/19/2015 12:28:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RzStats.Manager.exe, Version: 1.0.0.35, Zeitstempel: 0x548957e0 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.17366, Zeitstempel: 0x554d16f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00010192 ID des fehlerhaften Prozesses: 0x1214 Startzeit der fehlerhaften Anwendung: 0xRzStats.Manager.exe0 Pfad der fehlerhaften Anwendung: RzStats.Manager.exe1 Pfad des fehlerhaften Moduls: RzStats.Manager.exe2 Berichtskennung: RzStats.Manager.exe3 Vollständiger Name des fehlerhaften Pakets: RzStats.Manager.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RzStats.Manager.exe5 Error: (07/19/2015 12:28:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (07/18/2015 02:48:27 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (07/18/2015 02:48:26 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 System errors: ============= Error: (07/20/2015 12:03:16 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem Computer mit der Netzwerkhardwareadresse 00-00-00-00-00-00 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. 
Error: (06/29/2015 09:35:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/29/2015 09:34:54 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein.

Error: (06/29/2015 09:34:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (06/29/2015 09:34:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.06.2015 um 19:57:07 unerwartet heruntergefahren.

Error: (06/28/2015 05:11:18 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.10 mit dem Computer mit der Netzwerkhardwareadresse 20-68-9D-13-6C-7A ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error: (06/24/2015 09:39:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (06/24/2015 09:39:18 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein.

Error: (06/24/2015 09:39:14 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000139 (0x0000000000000003, 0xfffff880195ed1e0, 0xfffff880195ed138, 0x0000000000000000)C:\windows\MEMORY.DMP062415-21765-01

Error: (06/24/2015 09:39:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 24.06.2015 um 20:31:37 unerwartet heruntergefahren.

Microsoft Office: ========================= Error: (07/20/2015 12:04:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e043435200010192f7001d0c2d36a684b5aC:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dllb34877c4-2ec6-11e5-bef5-4c72b97327ec Error: (07/20/2015 12:04:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/19/2015 05:40:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e043435200010192308801d0c2392bb03129C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dll74864cb5-2e2c-11e5-bef5-4c72b97327ec Error: (07/19/2015 05:40:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/19/2015 12:28:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RzStats.Manager.exe1.0.0.35548957e0KERNELBASE.dll6.2.9200.17366554d16f6e043435200010192121401d0c20daf0acd5aC:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exeC:\windows\SYSTEM32\KERNELBASE.dllf23ee23e-2e00-11e5-bef5-4c72b97327ec Error: (07/19/2015 12:28:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: RzStats.Manager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) bei System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Char[], Int32, Int32) bei System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace() bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.Linq.XDocument.Load(System.Xml.XmlReader, System.Xml.Linq.LoadOptions) bei System.Xml.Linq.XDocument.Load(System.String, System.Xml.Linq.LoadOptions) bei RzDataTrackingManager.DataHistoryManager.getLastUpdate(System.String) bei RzDataTrackingManager.DataHistoryManager.CopyFromOffline() bei RzDataTrackingManager.Form1..ctor() bei RzDataTrackingManager.Program.Main() Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (07/18/2015 02:48:27 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (07/18/2015 02:48:27 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (07/18/2015 02:48:26 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 CodeIntegrity Errors: =================================== Date: 2015-07-18 14:14:20.348 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 

Date: 2015-07-18 14:14:19.049
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-07-18 14:14:13.182
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-30 12:47:31.609
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-30 12:47:30.812
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-30 12:47:27.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-26 13:06:11.355
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-26 13:06:09.031
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-26 13:06:04.425
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-11 19:33:47.936
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Percentage of memory in use: 13% Total physical RAM: 16323.54 MB Available physical RAM: 14111.55 MB Total Virtual: 32707.54 MB Available Virtual: 29761.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1000.11 GB) (Free:833.31 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:11.98 GB) (Free:1.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive j: (Daten) (Fixed) (Total:849.45 GB) (Free:742.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 0ABD2367) Partition: GPT Partition Type. ==================== End of log ============================
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying |
21.07.2015, 06:48 | #8 |
/// the machine /// TB Instructor | Win32:Evo-gen all good
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
21.07.2015, 07:29 | #9 |
| Win32:Evo-gen Perfect! I'm glad to hear that. Now I have one more question about this: the virus alert came up in connection with an update. This update was downloaded over the internet and then stopped by Avast (with the alert named in the title). Without this update, however, the program unfortunately no longer works, and because of Avast the update could not be completed at all… Can you help me with that? (If necessary, I can describe the whole thing in more detail and show you the picture of the Avast alert.)
__________________ Regards, R4BBIT |
21.07.2015, 17:26 | #10 |
/// the machine /// TB Instructor | Win32:Evo-gen yes, please describe it in more detail
__________________ Regards, schrauber |
21.07.2015, 19:40 | #11 |
| Win32:Evo-gen OK, I'll do my best. I recently bought GTA V and have played it a few times. I have just been on holiday for 2.5 weeks, and in the meantime Rockstar (the maker of GTA) released an update. The update is mandatory in order to play. The update is downloaded over the internet (as pretty much everywhere). Towards the end of the update, the Avast alert appeared. I then assumed that Avast had deleted everything "bad" and started the update again. However, the same problem occurred, and so I created this thread. I don't know much about computing yet, but I think this virus is, so to speak, "smuggled in" via the update. The update is run by the so-called "Update Launcher.exe"... That's pretty much all I can say about it... I would gladly show you the picture of the alert, but I don't know how ^^ I would have to upload it somewhere on the internet; or is there another way? I hope this helps...
__________________ Regards, R4BBIT Edited by R4BBIT (21.07.2015 at 19:43) Reason: error |
22.07.2015, 08:09 | #12 |
/// the machine /// TB Instructor | Win32:Evo-gen Disable Avast during the update; it is definitely a false positive
__________________ Regards, schrauber |
22.07.2015, 08:22 | #13 |
| Win32:Evo-gen OK, will do! So has Avast been having certain problems with false alarms lately? I'm going to buy Emsisoft this week anyway, so Avast won't concern me any longer. Many thanks for your help!
__________________ Regards, R4BBIT |
22.07.2015, 08:25 | #14 |
/// the machine /// TB Instructor | Win32:Evo-gen let's put it this way: quite often
__________________ Regards, schrauber |
22.07.2015, 11:57 | #15 |
| Win32:Evo-gen Ah, good; then I know where things stand! Thanks
__________________ Regards, R4BBIT |