Windows 8: Internet redirects to other pages
Hello everyone,
I have a problem: when I am surfing, I am automatically redirected to other pages.
Here are the logs for it.
FRST: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Marko at 2014-08-03 14:44:43
Running from C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9329FB02-864A-0B4D-B98E-EDECF804F22B}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0518.334.4496 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.4.3026 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.1.3024 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Ihr Firmenname)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{931210CE-36BC-BB05-9559-D2320932312E}) (Version: 11.0.738.3 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.27.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
SNT (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 4.2.0.1362 - SNT) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
29-06-2014 10:48:17 Geplanter Prüfpunkt
26-07-2014 19:20:17 Geplanter Prüfpunkt
28-07-2014 18:25:49 Removed Energy Star
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0045527E-95CC-4AD8-B8EF-92955B17F239} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {116C34B2-828B-471B-AC5B-9F8175EDE293} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {1B848EE5-1C91-437B-B618-466256BC2E8D} - System32\Tasks\SO.Booster-S-603818780 => c:\programdata\topapp software\so.booster\SO.Booster.exe <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20FED990-1A40-4B9B-92E3-15470DC50875} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36FDF4A6-A189-41BB-A136-E48010696965} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {401D3946-3D7A-43B7-9B14-A8B7602D39F9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {47AB1C4E-38C4-4DBB-A7D5-96D584BCF234} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {64E4A49C-1246-4C2A-BC0E-C4505668A9BD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B0B4558-0C31-4B87-9E3A-D2608B718EFC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F134933-2CAA-4DBB-8E25-D7D745208B57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-27] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {751781C6-8D3D-4557-830D-3B5B5DF4C05D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7F3667B6-6A10-4146-8EF1-0546166CEB2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98C81502-B53B-4FC4-9FED-C88FCFC57209} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5A23A08-8E1C-4EA5-843E-42F652EC532F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C03BBFD6-F20A-4CE5-8F8B-11559A699442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C2924110-4E41-4FF3-8233-95BF206C53D5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {CFFAB8E5-45C4-4F81-B4F0-FA697E49BD40} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D915C949-9479-4CD4-A524-A98E74469523} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E17EFE45-4BC9-47DA-8452-22D8D3BEE857} - System32\Tasks\HPCeeScheduleForMarko => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7D741E5-E26A-4ED1-A831-56A3ED6E2BA0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-26] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMarko.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SO.Booster-S-603818780.job => c:\programdata\topapp software\so.booster\SO.Booster.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-05-14 18:33 - 2013-05-14 18:33 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-05-24 11:22 - 2013-05-24 11:22 - 00334648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00016632 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00062200 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00371448 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2013-11-16 00:35 - 2013-03-12 16:51 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-16 00:02 - 2013-05-08 23:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-05-14 18:33 - 2013-05-14 18:33 - 00029432 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2014-05-01 22:40 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Marko\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Marko\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Marko\SkyDrive.old:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2014 02:42:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c70
Startzeit: 01cfaf17af6b3157
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: a5fbc5e6-1b0b-11e4-bf26-3423872d76c6
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 02:36:14 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
Error: (08/03/2014 02:26:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 900
Startzeit: 01cfaf15652a570d
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 58ae6429-1b09-11e4-bf25-3423872d76c6
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 02:11:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1ac0
Startzeit: 01cfaf134cbe2b94
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 40386ea5-1b07-11e4-bf25-3423872d76c6
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 02:00:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.0.11.0, Zeitstempel: 0x536d8027
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000b6141
ID des fehlerhaften Prozesses: 0x398
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5
Error: (08/03/2014 01:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e24
Startzeit: 01cfaf11513ee4d9
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 47ef6262-1b05-11e4-bf25-3423872d76c6
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 01:51:13 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
Error: (08/02/2014 10:03:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: cb0
Startzeit: 01cfae8c204d6fb6
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 13f164d7-1a80-11e4-bf24-3423872d76c6
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (08/02/2014 05:01:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Error: (08/01/2014 06:05:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
System errors:
=============
Error: (08/03/2014 02:36:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SO.Sustainer erreicht.
Error: (08/03/2014 02:35:22 PM) (Source: DCOM) (EventID: 10010) (User: MARKOPC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (08/03/2014 02:00:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (08/03/2014 02:00:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (08/03/2014 02:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/03/2014 01:51:11 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000113 (0x0000000000000017, 0xffffe0012cdfc540, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP080314-23125-01
Error: (08/03/2014 01:51:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 02.08.2014 um 21:49:03 unerwartet heruntergefahren.
Error: (08/03/2014 01:50:42 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212254731173328
Error: (08/02/2014 10:14:49 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SE551",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A092FAB9-DA75-458A-9AEA-4A4E5BEC527A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (08/02/2014 03:48:43 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem Computer mit der
Netzwerkhardwareadresse 00-00-00-00-00-00 ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Microsoft Office Sessions:
=========================
Error: (08/03/2014 02:42:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498c7001cfaf17af6b31574294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exea5fbc5e6-1b0b-11e4-bf26-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 02:36:14 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:
Error: (08/03/2014 02:26:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2049890001cfaf15652a570d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe58ae6429-1b09-11e4-bf25-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 02:11:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.204981ac001cfaf134cbe2b944294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe40386ea5-1b07-11e4-bf25-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 02:00:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamcore.dll1.0.11.0536d8027c0000417000b614139801cfaf11f5a9d8fcC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dllbc2a9eca-1b05-11e4-bf25-3423872d76c6
Error: (08/03/2014 01:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498e2401cfaf11513ee4d94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe47ef6262-1b05-11e4-bf25-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (08/03/2014 01:51:13 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:
Error: (08/02/2014 10:03:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498cb001cfae8c204d6fb64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe13f164d7-1a80-11e4-bf24-3423872d76c6microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (08/02/2014 05:01:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe
Error: (08/01/2014 06:05:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe
CodeIntegrity Errors:
===================================
Date: 2014-06-08 14:07:24.770
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-06-08 14:07:24.707
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 7962.15 MB
Available physical RAM: 6118.43 MB
Total Pagefile: 16154.15 MB
Available Pagefile: 14219.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:907.62 GB) (Free:842.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.78 GB) (Free:1.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 6AF372B9)
Partition: GPT Partition Type.
==================== End Of Log ============================
gmer: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-03 14:51:34
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000022 HGST_HTS541010A9E680 rev.JA0OA590 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Marko\AppData\Local\Temp\uwtdypoc.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[924] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[384] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F]
? C:\Windows\SYSTEM32\BsHelpCSps.dll [1776] entry point in ".data" section 0000000002cc5055
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4120] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4536] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F]
? C:\Windows\SYSTEM32\BsHelpCSps.dll [4308] entry point in ".data" section 00000000031f5055
? C:\Windows\SYSTEM32\BlueSoleilCSps.dll [4308] entry point in ".rdata" section 0000000003224085
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5636] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6996] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb3fb81f6a 4 bytes [B8, 3F, FB, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6996] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb3fb81f82 4 bytes [B8, 3F, FB, 7F]
.text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb3fb81f6a 4 bytes [B8, 3F, FB, 7F]
.text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb3fb81f82 4 bytes [B8, 3F, FB, 7F]
.text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb4d25169a 4 bytes [25, 4D, FB, 7F]
.text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb4d2516a2 4 bytes [25, 4D, FB, 7F]
.text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb4d25181a 4 bytes [25, 4D, FB, 7F]
.text C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe[4060] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb4d251832 4 bytes [25, 4D, FB, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [628:652] fffff96000903b90
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140404.001\Scxpx86.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4600] (FILE NOT FOUND) 00000000690f0000
Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140404.001\IDSxpx86.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [6928] (FILE NOT FOUND) 000000005dfb0000
Library C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140319.001\BHEngine.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [6928] (FILE NOT FOUND) 000000005cfa0000
Process C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe (*** suspicious ***) @ C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\0JPDNJPV\FRST64.exe [4060] (Farbar Recovery Scan Tool/Farbar)(2014-08-03 12:43:26) 00007ff76dc40000
Process C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\FDTWKCPP\Gmer-19357.exe (*** suspicious ***) @ C:\Users\Marko\AppData\Local\Microsoft\Windows\INetCache\IE\FDTWKCPP\Gmer-19357.exe [6940](2014-08-03 12:46:22) 0000000000400000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:47 on 03/08/2014 (Marko)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Many thanks in advance for your help.