Habe in der Aufregung ganz vergessen, mich für die schnelle Hilfe zu bedanken.
Wirklich einsame Spitze!:dankeschoen:
Ist mir grad eingefallen: :rolleyes:
Habe bei einem Update vor ein paar Wochen McAfee durch ein vergessendes Häckchen "geschenkt" bekommen.:twak: Würde diese Krankheit gerne wieder loswerden.
Und wenn wir schon dabei sind, Dolby Advanced Audio funktioniert irgendwie nicht mehr.
Bekomme laufend eine Fehlermeldung beim Hochfahren des Rechners.
Das Löschen der Programme ging völlig problemfrei und ohne erkennbare Folgen über windows + X. Keine Ahnung warum das so funktioniert.
Da nach dem Malwarebytes Anti Malware Scan der Computer sich neustartete, habe ich nun keine Ahnung ob ich das Suchlauf- oder das Löschen Protokoll vom Adw Cleaner senden soll. Folgend einfach beides:
1. Suchlauf- Code:
# AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 16:20:56
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Alex - MEINPC
# Gestarted von : C:\Users\Alex\Downloads\AdwCleaner_4.206.exe
# Option : Suchlauf
***** [ Dienste ] *****
Dienst Gefunden : vToolbarUpdater18.5.0
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\WINDOWS\Reimage.ini
Ordner Gefunden : C:\Program Files (x86)\Amazon\ABB
Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Browser Guard
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files\AVG Secure Search
Ordner Gefunden : C:\Program Files\Reimage
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\ProgramData\AVG Security Toolbar
Ordner Gefunden : C:\Users\Alex\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\Alex\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\Alex\AppData\Roaming\DesktopIconForAmazon
***** [ Geplante Tasks ] *****
Task Gefunden : AVG-Secure-Search-Update_JUNE2013_HP_rmv
Task Gefunden : AVG-Secure-Search-Update_JUNE2013_TB_rmv
Task Gefunden : AVG-Secure-Search-Update_JUNE2013_HP_rmv
Task Gefunden : AVG-Secure-Search-Update_JUNE2013_TB_rmv
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Reimage
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\AVG Secure Search
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Reimage
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Avg Secure Update
Schlüssel Gefunden : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Guard
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gefunden : HKU\.DEFAULT\Software\Avg Secure Update
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
Einstellung Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com?cid={B51EAC24-1134-4420-97E4-ED670992CFA8}&mid=02346c957dbd47d09dc2115d7b2fe55d-524c8e6a0f0bbe00d7a4b61f56c9d489ef6f92bc&lang=de&ds=AVG&coid=&cmpid=&pr=fr&d=2013-01-21 15:11:22&v=18.3.0.885&pid=avg&sg=0&sap=hp
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com?cid={B51EAC24-1134-4420-97E4-ED670992CFA8}&mid=02346c957dbd47d09dc2115d7b2fe55d-524c8e6a0f0bbe00d7a4b61f56c9d489ef6f92bc&lang=de&ds=AVG&coid=&cmpid=&pr=fr&d=2013-01-21 15:11:22&v=18.5.0.909&pid=avg&sg=0&sap=hp
-\\ Mozilla Firefox v38.0.5 (x86 de)
[o1igdygb.default] - Zeile Gefunden : user_pref("extensions.xpiState", "{\"winreg-app-user\":{\"{e4f94d1e-2f53-401e-8885-681602c0ddd8}\":{\"d\":\"C:\\\\ProgramData\\\\McAfee Security Scan\\\\Extensions\\\\{e4f94d1e-2f53-401e-8885-681602c0[...]
[o1igdygb.default] - Zeile Gefunden : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={B51EAC24-1134-4420-97E4-ED670992CFA8}&mid=02346c957dbd47d09dc2115d7b2fe55d-524c8e6a0f0bbe00d7a4b61f56c9d489ef6f92bc&lang=de&ds=AVG&pr=fr&d=[...]
*************************
AdwCleaner[R0].txt - [10191 Bytes] - [09/06/2015 16:20:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10251 Bytes] ##########
2. Löschprotokoll Code:
# AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 16:22:34
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Alex - MEINPC
# Gestarted von : C:\Users\Alex\Downloads\AdwCleaner_4.206.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : vToolbarUpdater18.5.0
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Browser Guard
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Users\Alex\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\DesktopIconForAmazon
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\Reimage.ini
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
***** [ Geplante Tasks ] *****
Task Gelöscht : AVG-Secure-Search-Update_JUNE2013_HP_rmv
Task Gelöscht : AVG-Secure-Search-Update_JUNE2013_TB_rmv
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Avg Secure Update
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Avg Secure Update
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Guard
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
Einstellung Wiederhergestellt : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v38.0.5 (x86 de)
[o1igdygb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"winreg-app-user\":{\"{e4f94d1e-2f53-401e-8885-681602c0ddd8}\":{\"d\":\"C:\\\\ProgramData\\\\McAfee Security Scan\\\\Extensions\\\\{e4f94d1e-2f53-401e-8885-681602c0[...]
[o1igdygb.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={B51EAC24-1134-4420-97E4-ED670992CFA8}&mid=02346c957dbd47d09dc2115d7b2fe55d-524c8e6a0f0bbe00d7a4b61f56c9d489ef6f92bc&lang=de&ds=AVG&pr=fr&d=[...]
*************************
AdwCleaner[R0].txt - [10419 Bytes] - [09/06/2015 16:20:56]
AdwCleaner[S0].txt - [9279 Bytes] - [09/06/2015 16:22:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9338 Bytes] ##########
Malwarebytes Anti Malware funktionierte, bis auf den Neustart gut. 7 Dateien schlummern grade in Quarantäne. Folgend das Log: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 09.06.2015
Suchlauf-Zeit: 16:39:07
Logdatei: Malwarebytes Anti-Maleware.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Alex
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 422379
Verstrichene Zeit: 17 Min, 33 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 7
PUP.Optional.BrowserGuard.A, HKLM\SOFTWARE\CLASSES\CLSID\{02a0d829-4393-46fc-a37e-126263035883}, , [077270d3f991b581b65020fcc043b54b],
PUP.Optional.BrowserGuard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{02A0D829-4393-46FC-A37E-126263035883}, , [077270d3f991b581b65020fcc043b54b],
PUP.Optional.BrowserGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{02A0D829-4393-46FC-A37E-126263035883}, , [077270d3f991b581b65020fcc043b54b],
PUP.Optional.BrowserGuard.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{02A0D829-4393-46FC-A37E-126263035883}, , [077270d3f991b581b65020fcc043b54b],
PUP.Optional.BrowserGuard.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02A0D829-4393-46FC-A37E-126263035883}, , [077270d3f991b581b65020fcc043b54b],
PUP.Optional.BrowserGuard.A, HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{02A0D829-4393-46FC-A37E-126263035883}, , [077270d3f991b581b65020fcc043b54b],
PUP.Optional.BrowserGuard.A, HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{02A0D829-4393-46FC-A37E-126263035883}, , [077270d3f991b581b65020fcc043b54b],
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
Und zum Schluss nochmal FRST:
FRST.txt:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Alex (administrator) on MEINPC on 09-06-2015 17:43:31
Running from C:\Users\Alex\Documents\Alex\Anti-Malware Software
Loaded Profiles: Alex (Available Profiles: UpdatusUser & Alex)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-14] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-04-22]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-10-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-12-14] (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-12-14] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1984589660-2839984093-1293527628-1002 -> {D295223D-F8A1-46EE-9164-058C147794D3} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-12-14] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-12-14] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-12-14] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-12-14] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\o1igdygb.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1984589660-2839984093-1293527628-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-14] (IvoSoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2014-11-04] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-08] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-09 16:57 - 2015-06-09 17:10 - 00001684 _____ C:\Users\Alex\Desktop\AdwCleaner_4.206.exe - Verknüpfung.lnk
2015-06-09 16:55 - 2015-06-09 16:55 - 00001137 _____ C:\Users\Alex\Desktop\FRST64.exe - Verknüpfung.lnk
2015-06-09 16:38 - 2015-06-09 17:06 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-09 16:37 - 2015-06-09 16:37 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-09 16:37 - 2015-06-09 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-09 16:37 - 2015-06-09 16:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-09 16:37 - 2015-06-09 16:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-09 16:37 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-09 16:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-09 16:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-09 16:20 - 2015-06-09 17:11 - 00000000 ____D C:\AdwCleaner
2015-06-09 06:24 - 2015-06-09 06:24 - 00047124 _____ C:\Users\Alex\Downloads\Addition.txt
2015-06-09 06:22 - 2015-06-09 17:43 - 00000000 ____D C:\FRST
2015-06-09 06:22 - 2015-06-09 06:25 - 00035493 _____ C:\Users\Alex\Downloads\FRST.txt
2015-06-08 06:57 - 2015-06-08 06:57 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-06-08 06:55 - 2015-06-08 06:56 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Alex\Downloads\SpyHunter-Installer.exe
2015-06-05 15:45 - 2015-06-09 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-05 15:09 - 2015-06-05 15:09 - 00000000 ____D C:\Users\Alex\AppData\Local\GWX
2015-05-14 07:44 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 07:44 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:31 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 23:31 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 23:31 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 23:31 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 23:28 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 23:28 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 23:27 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 23:27 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 23:27 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 23:27 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 23:27 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 23:27 - 2015-03-13 02:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 23:27 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 23:27 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 23:27 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 23:27 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 23:27 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 23:27 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-13 23:26 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 23:26 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 23:26 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 23:26 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 23:26 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 23:26 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 23:26 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 23:26 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 23:26 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 23:26 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 23:26 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 23:26 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 23:26 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 23:26 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 23:26 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 23:26 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 23:26 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 23:26 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 23:26 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 23:26 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 23:26 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 23:26 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 23:26 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 23:26 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 23:26 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 23:26 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 23:26 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 23:26 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 23:26 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 23:26 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 23:26 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 23:26 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 23:26 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 23:26 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 23:26 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 23:26 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 23:26 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 23:26 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 23:26 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 23:26 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 23:26 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 23:26 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 23:26 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 23:26 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 23:16 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 23:16 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 23:10 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 23:10 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 23:10 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 23:10 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 22:57 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 22:57 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 22:57 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 22:57 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 22:57 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 22:57 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 22:57 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 22:57 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 22:52 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 22:52 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 22:52 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-09 17:35 - 2013-01-17 20:51 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-09 17:25 - 2014-12-02 18:23 - 01334244 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-09 17:24 - 2012-12-21 21:12 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1984589660-2839984093-1293527628-1002
2015-06-09 17:03 - 2013-12-25 13:09 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-09 17:02 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-09 17:02 - 2013-01-27 18:13 - 00000434 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-06-09 17:01 - 2014-09-23 23:06 - 00032246 _____ C:\WINDOWS\PFRO.log
2015-06-09 17:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-09 17:01 - 2013-08-22 16:46 - 00332044 _____ C:\WINDOWS\setupact.log
2015-06-09 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-09 17:00 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-09 16:58 - 2015-04-12 01:00 - 00000000 ____D C:\Users\Alex\Documents\Alex
2015-06-09 16:24 - 2012-12-21 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-09 16:23 - 2014-12-02 18:30 - 00000000 ____D C:\Users\Alex
2015-06-09 16:22 - 2012-10-14 20:46 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-06-09 16:18 - 2012-12-21 21:44 - 00000000 ____D C:\ProgramData\MFAData
2015-06-09 16:16 - 2015-03-06 00:11 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DE6510C9-9EEC-400B-AC6B-296B1E4862B4}
2015-06-09 16:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-08 15:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-05 13:48 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-03 21:09 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-05-20 19:56 - 2015-04-05 15:45 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 19:56 - 2015-04-05 15:45 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-16 20:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-16 15:36 - 2013-08-22 16:44 - 00481504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-16 15:25 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-16 15:25 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 15:22 - 2013-02-02 16:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-14 15:21 - 2013-08-05 16:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-14 15:17 - 2012-12-25 21:16 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 07:40 - 2014-09-24 08:00 - 00000000 ____D C:\Program Files\Windows Journal
==================== Files in the root of some directories =======
2013-06-18 14:44 - 2014-06-23 16:09 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-10-14 20:26 - 2012-10-14 20:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Alex\AppData\Local\Temp\ReiSysUpdate.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-09 17:24
==================== End of log ============================
--- --- ---
Addition.txt
[CODE]Additional
FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Alex at 2015-06-09 17:44:13
Running from C:\Users\Alex\Documents\Alex\Anti-Malware Software
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1984589660-2839984093-1293527628-500 - Administrator - Disabled)
Alex (S-1-5-21-1984589660-2839984093-1293527628-1002 - Administrator - Enabled) => C:\Users\Alex
Gast (S-1-5-21-1984589660-2839984093-1293527628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1984589660-2839984093-1293527628-1004 - Limited - Enabled)
Ingo (S-1-5-21-1984589660-2839984093-1293527628-1005 - Administrator - Enabled)
UpdatusUser (S-1-5-21-1984589660-2839984093-1293527628-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
applicationupdater (HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\SOE-C:/Users/Alex/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4311 - AVG Technologies) Hidden
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Classic Shell (HKLM\...\{ED6EFFF5-9030-4A56-BA12-4AED38D718AC}) (Version: 3.6.3 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Elite Dangerous Launcher version 0.4.2220.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.2220.0 - Frontier Developments)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
gamelauncher-ps2-psg (HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG) (Version: - Sony Online Entertainment)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version: - Paradox Development Studio)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.3.3 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{1E939186-B443-4262-A278-3C82949EA7AC}) (Version: 1.1.009.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PlanetSide 2 (HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version: - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.05 - Kalypso) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: Stronghold Kingdoms (Installationsprogramm v1.17) - Firefly Studios)
Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version: - Creative Assembly)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Unity (HKLM-x32\...\Unity) (Version: 4.5.3f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1984589660-2839984093-1293527628-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
20-05-2015 19:53:34 Windows Update
30-05-2015 17:48:31 Geplanter Prüfpunkt
08-06-2015 15:23:57 Geplanter Prüfpunkt
09-06-2015 16:15:46 Removed Amazon Browser App
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0141F1B1-C272-4B72-BC1B-F83BC2F6ED1E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-08-08] ()
Task: {038F57DC-0DA6-49C1-ABBB-830B5C384DB6} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {12163FAE-708E-4AB3-BBD7-9EF0A6CD3804} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {319D790E-8B0E-42A6-8D40-6258FCD2FD2D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {42A14452-F81D-4660-A3B8-F54F372FD9A0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {5D5307A8-2C90-4E5A-BCC0-5BADA3EDDAEF} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {B011FF05-4517-4BDB-B7F3-5AACF6061C20} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B289BD49-30E8-4CA5-81A6-1B818B38C9C6} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {BC705F7A-3680-4123-A7AC-14DB671EF8E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {C2E36C43-4851-4D29-BF92-FFE08712FD15} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {EA2DAACF-7D5F-42AA-A808-9437D906A148} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {F1A1F1BD-CA72-44AC-B64A-8935ADB40361} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-08] (Lenovo)
Task: {FE0E2E8B-1166-4292-951F-3F4764292C1F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2013-12-26 20:42 - 2013-12-26 20:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-26 15:48 - 2012-08-26 15:48 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2013-11-06 14:48 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 17:26 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-06-17 11:54 - 2015-06-04 20:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 17:26 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 17:26 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-11-15 18:59 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-15 18:59 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-15 18:59 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-15 18:59 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-15 18:59 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-12-11 12:40 - 2015-06-04 20:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-11-06 14:48 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-10-14 20:16 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\...\sony.com -> sony.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1984589660-2839984093-1293527628-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B749C5E4-14B3-4338-B358-A697CD839414}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{039B9884-CAED-4BD7-BCF4-D363A8053739}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{4EFCF892-8CC6-4EDC-AC82-A20D47455094}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{50EF8791-9B3A-4844-BDDD-5F3E63B2F3C6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{E97C28D4-1331-4E8E-A089-EFCDBC19F6FE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{A57ADAA8-88B7-4619-8480-F62B5576F9C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{EAB4FCBE-C1C5-4D04-A701-11BE71D23DE9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{070EB5EE-83DE-4CEE-977B-8C9FE6637D5F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AA6FB948-8A13-4BD1-9845-6D5991954249}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron 3\hoi3.exe
FirewallRules: [{57F3C356-2EEF-4A4B-87C9-8B43EC8F6A43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of Iron 3\hoi3.exe
FirewallRules: [UDP Query User{611895C2-CF06-49DE-A997-81DEDE69ECDA}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2_x64.exe
FirewallRules: [TCP Query User{4F937226-CB1A-4D7D-8A76-03133CBAC2BC}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2_x64.exe
FirewallRules: [{9573DD6B-E03A-4914-97A5-7CF6F4BF082C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{912D4627-26CB-495F-816C-06CFC2AFB054}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D3661EA-B976-46E7-8F22-231E1D528C0B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{B47D3619-8C1A-46CD-9DE3-3F16BBC3CCDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{DBED57F2-3816-4134-B72F-C58F3B1DD627}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{C7013A9D-4798-4F19-874E-28B555D0F62D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{8DE57AFC-286E-45D2-8EA9-F4E7C5D02F72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C53F6F74-F65A-46CD-A621-35BFFD0B9B50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{EE09773B-2CC8-43EA-B425-1A214F02348D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{892BE02C-8234-45B0-89EB-53863A37EF42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [UDP Query User{EDCE1CB2-5755-44B7-8E35-11C7E9D0E3E1}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{AA926A70-B45B-40D3-B71F-6A3D0FFA9F37}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{67576A57-FEBF-471E-AA4E-37BBEB75030C}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{92201CC8-3D06-420D-9FEE-52F3260088AD}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{7E35D7FB-D3C3-41E3-8ADB-59E995F68CEA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8D91516D-B944-47DE-B68F-233819D92310}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3B2DEEFF-800E-46B9-981E-884D93B5B94F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{90506300-37D8-4254-9647-525CF2589E69}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{16935D69-8F03-4AD8-A16C-EA76A63012A1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{450EF465-4D5C-40D5-8D31-CC0DC88D7F49}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [UDP Query User{1844E987-F63A-498A-8F5A-87A269B665A3}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [TCP Query User{61F9CFA9-3362-4E7A-87A3-90C96235EB35}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [UDP Query User{19CB8CD3-BE62-4877-96C6-2D93D5387B49}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [TCP Query User{3046C590-CBED-4720-8635-3F5CEB504E17}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Block) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [UDP Query User{14A21E32-459A-406D-8EA4-BD1511445004}C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe] => (Block) C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe
FirewallRules: [TCP Query User{E1828710-3709-4318-A6BD-24FD129AEFAC}C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe] => (Block) C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe
FirewallRules: [UDP Query User{537C5AF5-3B65-4E55-BDE5-75BAF813FCCC}C:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe] => (Allow) C:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe
FirewallRules: [TCP Query User{391C793F-E429-4776-B676-D4A8953C5ADA}C:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe] => (Allow) C:\program files (x86)\kalypso\sins of a solar empire\sins of a solar empire.exe
FirewallRules: [UDP Query User{FD45D739-3ECE-4DE3-8203-8B4B0C9D837E}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Block) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [TCP Query User{BE77A05D-3FF0-4677-B9AB-BA009547001A}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Block) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [UDP Query User{7DD8712D-78EB-4DBC-8C4A-F21D66E17AFD}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [TCP Query User{A251B0E0-1197-4310-B9A1-384A79B3E519}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [{FF5E558B-1491-4901-9E95-570A564CD22F}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{39F4BF2B-37E3-4FDE-8FD3-F681F5742093}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C04AECDD-1ED3-4A03-9DAB-3D37D52FEC4A}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{FE40BE5B-4FF3-4081-A62E-8E3DA1E15EF6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{ABD3D2CD-553D-4762-83EB-EB6DE230EE65}] => (Block) E:\sh2\stronghold2.exe
FirewallRules: [{EDD13F51-1D53-4185-8532-C85181B047D1}] => (Block) E:\sh2\stronghold2.exe
FirewallRules: [UDP Query User{6044EE01-9406-49B0-8D3B-2AB7E85FF8B1}E:\sh2\stronghold2.exe] => (Allow) E:\sh2\stronghold2.exe
FirewallRules: [TCP Query User{B85E7FF5-756E-4101-A5C6-0D55C742FE5D}E:\sh2\stronghold2.exe] => (Allow) E:\sh2\stronghold2.exe
FirewallRules: [{874C6125-BBD0-4A48-8832-0A6941568267}] => (Allow) C:\Program Files (x86)\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe
FirewallRules: [{29C9240F-61C6-46E8-A4BC-E2A940DD0936}] => (Allow) C:\Program Files (x86)\Kalypso\Sins of a Solar Empire\Sins of a Solar Empire.exe
FirewallRules: [{1AFF6B40-79FB-41C2-A8FD-BE4CCC2156D8}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{4DF1A43B-F2C0-4A51-8CBC-E38D89980264}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{443AE988-5BBE-4158-946A-19F2CBC9A0C5}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold\Stronghold.exe
FirewallRules: [{DC8DD29E-8AF9-4825-A2A1-A671792EC248}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold\Stronghold.exe
FirewallRules: [{8BBD11D4-859A-4520-8F98-D58758BA6E0A}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{671B271C-E84B-426E-A123-173F41DE91FB}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{F24ED05A-46C9-4301-8B98-AFC09C0FDB92}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{3EB9F4C3-D9C5-4088-99F2-AAB4FF873C3F}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{70ACC0B4-3C34-43B4-ACD4-C99FAAD37621}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe
FirewallRules: [{347DDDD2-E3FE-4938-A513-604A876C47C8}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe
FirewallRules: [{9B22BC92-CF0B-482F-9239-9F83AA2CDAEB}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{CF11BA7C-B9B9-41A6-A337-480841922A75}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{1D5A9963-F6D1-46BA-9E83-EED3A35015DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{F49BBE98-8241-493D-9237-BD68162149DD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{746AA6E1-D3B3-472B-8BFF-E9970A334CBA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F26CD44C-6236-488C-AFFD-91389EFB4805}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{062B9F7F-9792-489F-A4C8-2DAA10E3F5CD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{70DE3DBD-11BB-4F99-B448-54ED75FF51F1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4240E636-7454-4BA1-9BC6-2AD260BEF87E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EC1C1B8B-BD4E-4140-A093-556A7AB88423}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{DF1877D2-231D-4855-832D-A7A02D2FBCE3}C:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe
FirewallRules: [UDP Query User{CA97C638-F383-44B5-ACF7-D8761CAA277A}C:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe
FirewallRules: [{1ED7DB89-74EE-4677-94AB-38C8B68B7F78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CE354B4-FC9A-4C7A-94C7-E877A26CFF9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECAA1EA4-73A0-440D-A88F-83586F290EDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{A6E9F6F8-3C50-4486-B853-CEFC090CE36D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{7282F340-18F8-4901-9220-1242F95D0934}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EDA286C5-83E0-4908-BB67-A3E9FCF89BA1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{7D6E2628-EC2D-4C32-A977-9DA72E8F394A}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{5841A4F1-47CE-424B-BF9F-562272F568C4}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Block) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{F607857F-D68F-48DF-91B0-DEBC6E850B8A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{DCAB7A68-B1B0-4135-B0B2-9AC7932B37BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [TCP Query User{862930ED-5D90-4BB5-BC8C-8FA41D9C6937}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{B62B14BF-DDF9-4085-AE65-6C8E29F3B9B8}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{679E4B64-1862-47B2-9C89-2DE7CE96DA69}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{2518E6B0-ED56-4E5F-B49F-D0B3CC290DFE}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/06/2015 07:24:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 38.0.1.5611 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: dbc
Startzeit: 01d09f91150203d4
Endzeit: 70
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: cd108fd9-0c70-11e5-bf43-b888e38b55ad
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/06/2015 07:24:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: NPSWF32_17_0_0_169.dll, Version: 17.0.0.169, Zeitstempel: 0x5529db53
Ausnahmecode: 0x80000003
Fehleroffset: 0x00358d1d
ID des fehlerhaften Prozesses: 0x850
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (05/25/2015 11:39:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtStackServer.exe, Version: 12.0.0.1901, Zeitstempel: 0x503aa637
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f0f20
ID des fehlerhaften Prozesses: 0x104c
Startzeit der fehlerhaften Anwendung: 0xBtStackServer.exe0
Pfad der fehlerhaften Anwendung: BtStackServer.exe1
Pfad des fehlerhaften Moduls: BtStackServer.exe2
Berichtskennung: BtStackServer.exe3
Vollständiger Name des fehlerhaften Pakets: BtStackServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtStackServer.exe5
Error: (05/14/2015 05:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hoi3_tfh.exe, Version: 0.0.0.0, Zeitstempel: 0x50978b2f
Name des fehlerhaften Moduls: hoi3_tfh.exe, Version: 0.0.0.0, Zeitstempel: 0x50978b2f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00798dd7
ID des fehlerhaften Prozesses: 0x1834
Startzeit der fehlerhaften Anwendung: 0xhoi3_tfh.exe0
Pfad der fehlerhaften Anwendung: hoi3_tfh.exe1
Pfad des fehlerhaften Moduls: hoi3_tfh.exe2
Berichtskennung: hoi3_tfh.exe3
Vollständiger Name des fehlerhaften Pakets: hoi3_tfh.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: hoi3_tfh.exe5
Error: (05/14/2015 08:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hoi3_tfh.exe, Version: 0.0.0.0, Zeitstempel: 0x50978b2f
Name des fehlerhaften Moduls: hoi3_tfh.exe, Version: 0.0.0.0, Zeitstempel: 0x50978b2f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00798dd7
ID des fehlerhaften Prozesses: 0x1058
Startzeit der fehlerhaften Anwendung: 0xhoi3_tfh.exe0
Pfad der fehlerhaften Anwendung: hoi3_tfh.exe1
Pfad des fehlerhaften Moduls: hoi3_tfh.exe2
Berichtskennung: hoi3_tfh.exe3
Vollständiger Name des fehlerhaften Pakets: hoi3_tfh.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: hoi3_tfh.exe5
Error: (05/12/2015 06:51:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtStackServer.exe, Version: 12.0.0.1901, Zeitstempel: 0x503aa637
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f0f20
ID des fehlerhaften Prozesses: 0x10dc
Startzeit der fehlerhaften Anwendung: 0xBtStackServer.exe0
Pfad der fehlerhaften Anwendung: BtStackServer.exe1
Pfad des fehlerhaften Moduls: BtStackServer.exe2
Berichtskennung: BtStackServer.exe3
Vollständiger Name des fehlerhaften Pakets: BtStackServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtStackServer.exe5
Error: (05/01/2015 02:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: launcher.exe_Total War: Attila, Version: 1.0.0.1, Zeitstempel: 0x553437bf
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x14e8
Startzeit der fehlerhaften Anwendung: 0xlauncher.exe_Total War: Attila0
Pfad der fehlerhaften Anwendung: launcher.exe_Total War: Attila1
Pfad des fehlerhaften Moduls: launcher.exe_Total War: Attila2
Berichtskennung: launcher.exe_Total War: Attila3
Vollständiger Name des fehlerhaften Pakets: launcher.exe_Total War: Attila4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: launcher.exe_Total War: Attila5
Error: (04/26/2015 06:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BtStackServer.exe, Version: 12.0.0.1901, Zeitstempel: 0x503aa637
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f0f20
ID des fehlerhaften Prozesses: 0x11b4
Startzeit der fehlerhaften Anwendung: 0xBtStackServer.exe0
Pfad der fehlerhaften Anwendung: BtStackServer.exe1
Pfad des fehlerhaften Moduls: BtStackServer.exe2
Berichtskennung: BtStackServer.exe3
Vollständiger Name des fehlerhaften Pakets: BtStackServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BtStackServer.exe5
Error: (04/26/2015 05:42:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hoi3_tfh.exe, Version: 0.0.0.0, Zeitstempel: 0x50978b2f
Name des fehlerhaften Moduls: hoi3_tfh.exe, Version: 0.0.0.0, Zeitstempel: 0x50978b2f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00798dd7
ID des fehlerhaften Prozesses: 0x1724
Startzeit der fehlerhaften Anwendung: 0xhoi3_tfh.exe0
Pfad der fehlerhaften Anwendung: hoi3_tfh.exe1
Pfad des fehlerhaften Moduls: hoi3_tfh.exe2
Berichtskennung: hoi3_tfh.exe3
Vollständiger Name des fehlerhaften Pakets: hoi3_tfh.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: hoi3_tfh.exe5
Error: (04/21/2015 10:42:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MeinPC)
Description: Bei der Aktivierung der App „Microsoft.BingSports_8wekyb3d8bbwe!AppexSports“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (06/09/2015 05:24:56 PM) (Source: DCOM) (EventID: 10010) (User: MeinPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (06/09/2015 05:05:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/09/2015 05:05:04 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/09/2015 05:00:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (06/09/2015 04:28:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/09/2015 04:28:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/09/2015 04:23:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (06/09/2015 04:23:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (06/09/2015 04:22:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/09/2015 04:22:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (06/06/2015 07:24:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe38.0.1.5611dbc01d09f91150203d470C:\Program Files (x86)\Mozilla Firefox\firefox.execd108fd9-0c70-11e5-bf43-b888e38b55ad
Error: (06/06/2015 07:24:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90NPSWF32_17_0_0_169.dll17.0.0.1695529db538000000300358d1d85001d09f9126c9aa27C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_17_0_0_169.dlld20a4680-0c70-11e5-bf43-b888e38b55ad
Error: (05/25/2015 11:39:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtStackServer.exe12.0.0.1901503aa637ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f20104c01d094c9d2a351e7C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exeC:\WINDOWS\SYSTEM32\ntdll.dllf7c65151-02c1-11e5-bf40-c0143dcb0cae
Error: (05/14/2015 05:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hoi3_tfh.exe0.0.0.050978b2fhoi3_tfh.exe0.0.0.050978b2fc000000500798dd7183401d08e5d712e6b98C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3_tfh.exeC:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3_tfh.exe442c63b5-fa52-11e4-bf3b-c0143dcb0cae
Error: (05/14/2015 08:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hoi3_tfh.exe0.0.0.050978b2fhoi3_tfh.exe0.0.0.050978b2fc000000500798dd7105801d08e10147c9041C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3_tfh.exeC:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3_tfh.exe67540e51-fa05-11e4-bf3b-c0143dcb0cae
Error: (05/12/2015 06:51:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtStackServer.exe12.0.0.1901503aa637ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f2010dc01d08ad9f891852bC:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exeC:\WINDOWS\SYSTEM32\ntdll.dll2ed21673-f8c7-11e4-bf3b-c0143dcb0cae
Error: (05/01/2015 02:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: launcher.exe_Total War: Attila1.0.0.1553437bfunknown0.0.0.000000000c00000050000000014e801d0840c90ba0680C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exeunknownd72309d1-efff-11e4-bf39-c0143dcb0cae
Error: (04/26/2015 06:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtStackServer.exe12.0.0.1901503aa637ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f2011b401d07cf4a1de374bC:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exeC:\WINDOWS\SYSTEM32\ntdll.dll6c9b143c-ec34-11e4-bf38-b888e38b55ad
Error: (04/26/2015 05:42:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hoi3_tfh.exe0.0.0.050978b2fhoi3_tfh.exe0.0.0.050978b2fc000000500798dd7172401d080324df8f0d6C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3_tfh.exeC:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3_tfh.exed2beb205-ec2a-11e4-bf38-b888e38b55ad
Error: (04/21/2015 10:42:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MeinPC)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927142
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 20%
Total physical RAM: 8057.77 MB
Available physical RAM: 6444.49 MB
Total Pagefile: 9337.77 MB
Available Pagefile: 7500.19 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:682.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D2EE1848)
Partition: GPT Partition Type.
==================== End of log ============================
--- --- --- |
Hinweis:
FRST 32-Bit | FRST 64-Bit
AdwCleaner auf deinen Desktop.
