|
Plagegeister aller Art und deren Bekämpfung: Mein Mozilla Firefox stürzt immer wieder abWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.01.2014, 15:58 | #1 |
| Mein Mozilla Firefox stürzt immer wieder ab Nach Absturz des Firefos erscheint eine Fehlermeldung. Es wird ein Problembericht erstellt der dann an Firefox gesendet wird. Hier der Fehlerbericht: AdapterDeviceID: 0x9640 AdapterVendorID: 0x1002 Add-ons: adblockpopups%40jessehakanen.net:0.9.1,firefox2%40schnaeppchenfuchs.com:1.11,toolbar%40web.de:2.9,%7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.4,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.4.1 AvailablePageFile: 4292206592 AvailablePhysicalMemory: 1421553664 AvailableVirtualMemory: 3229863936 BuildID: 20131205075310 CrashTime: 1390573965 EMCheckCompatibility: true Email: caballero@web.de FramePoisonBase: 00000000f0de0000 FramePoisonSize: 65536 InstallTime: 1387988200 Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x9640, AdapterSubsysID: 77481462, AdapterDriverVersion: 8.900.0.0 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384} ProductName: Firefox ReleaseChannel: release SecondsSinceLastCrash: 10463 StartupTime: 1390571798 SystemMemoryUsePercentage: 62 Theme: classic/1.0 Throttleable: 1 TotalVirtualMemory: 4294836224 URL: hxxp://www.google.de/search?q=eaasdc&oe=utf-8&rls=org.mozilla%3Ade%3Aofficial&client=firefox-a&gws_rd=cr&um=1&tbm=isch&tab=wi&oq=eaasdc&gs_l=img.12...0.0.0.1932.0.0.0.0.0.0.0.0..0.0....0...1ac..34.img..0.0.0.BdmNdyUIk-s Vendor: Mozilla Version: 26.0 Winsock_LSP: MSAFD-Tcpip [TCP/IPv6] : 2 : 1 : %SystemRoot%\system32\mswsock.dll MSAFD-Tcpip [UDP/IPv6] : 2 : 2 : MSAFD-Tcpip [RAW/IPv6] : 2 : 3 : %SystemRoot%\system32\mswsock.dll MSAFD-Tcpip [TCP/IP] : 2 : 1 : MSAFD-Tcpip [UDP/IP] : 2 : 2 : %SystemRoot%\system32\mswsock.dll MSAFD-Tcpip [RAW/IP] : 2 : 3 : RSVP-TCPv6-Dienstanbieter : 2 : 1 : %SystemRoot%\system32\mswsock.dll RSVP-TCP-Dienstanbieter : 2 : 1 : RSVP-UDPv6-Dienstanbieter : 2 : 2 : %SystemRoot%\system32\mswsock.dll RSVP-UDP-Dienstanbieter : 2 : 2 : MSAFD Pgm (RDM) : 2 : 4 : %SystemRoot%\system32\mswsock.dll MSAFD Pgm (Stream) : 2 : 1 : useragent_locale: de Diese Meldung enthält Informationen über den Status der Anwendung zum Zeitpunkt des Absturzes. |
24.01.2014, 15:58 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mein Mozilla Firefox stürzt immer wieder ab Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
25.01.2014, 03:30 | #3 |
| Mein Mozilla Firefox stürzt immer wieder ab Ich kann FRST 64-Bit nicht herunterladen. Die Seite wird zwar geöffnet, aber der download startet nicht. Was soll ich tun?
__________________ |
25.01.2014, 19:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mein Mozilla Firefox stürzt immer wieder ab
__________________ Logfiles bitte immer in CODE-Tags posten |
27.01.2014, 02:28 | #5 |
| Mein Mozilla Firefox stürzt immer wieder ab FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02 Ran by Konni's PC (administrator) on KONNISPC-PC on 26-01-2014 17:40:29 Running from C:\Users\Konni's PC\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Windows\System32\DlProtectSvc.exe () C:\Windows\System32\asydfilt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ElmüSoft) C:\Program Files (x86)\PTBSync\PTBSync.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (1&1 Mail & Media GmbH) C:\Users\Konni's PC\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ElmüSoft) C:\Program Files (x86)\PTBSync\PTBSync.exe () C:\ProgramData\dlprotect.exe (Dropbox, Inc.) C:\Users\Konni's PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [PTBSync] - C:\Program Files (x86)\PTBSync\PTBSync.exe [1582592 2013-08-19] (ElmüSoft) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-14] () HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKCU\...\Run: [WEB.DE Application {sync-000021}] - C:\Users\Konni's PC\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [875008 2013-09-13] (1&1 Mail & Media GmbH) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () Startup: C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Konni's PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317892&octid=CT3317892&SearchSource=61&CUI=UN33530904012615512&UM=2&UP=SPA07219EE-B586-41AC-A8BE-FE06016BBD04&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {8F1C47AF-330A-4356-9012-9B3D83E7D65D} URL = SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search SearchScopes: HKCU - DefaultScope {8F1C47AF-330A-4356-9012-9B3D83E7D65D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN33530904012615512&UM=2 SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&dbCode=1&command={searchTerms} SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {8F1C47AF-330A-4356-9012-9B3D83E7D65D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN33530904012615512&UM=2 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default FF user.js: detected! => C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\badoo.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Schnäppchenfuchs Gutscheinfinder - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\firefox2@schnaeppchenfuchs.com [2014-01-14] FF Extension: RadioTotal1 - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5} [2014-01-14] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-01-24] FF Extension: WEB.DE MailCheck - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\toolbar@web.de.xpi [2012-01-24] FF Extension: Adblock Plus - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-01-25] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-01-25] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Der Schnäppchenfuchs Gutscheinfinder) - C:\Users\Konni's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camijhkahcckljhgpgfgglbegedoepda [2014-01-14] CHR HKLM\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [2014-01-14] CHR HKCU\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-01-11] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-05-27] (Adobe Systems) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-14] () R2 getmac64; C:\Windows\system32\asydfilt.exe [118784 2014-01-14] () R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 PTBSync; C:\Program Files (x86)\PTBSync\PTBSync.exe [1582592 2013-08-19] (ElmüSoft) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-09] (soft Xpansion) ==================== Drivers (Whitelisted) ==================== R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.) R2 WinRing0_1_2_0; C:\Windows\system32\Drivers\ptbring0.sys [14544 2013-08-19] (OpenLibSys.org) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-26 17:40 - 2014-01-26 17:42 - 00021763 _____ C:\Users\Konni's PC\Downloads\FRST.txt 2014-01-26 17:40 - 2014-01-26 17:40 - 00000000 ____D C:\FRST 2014-01-26 17:38 - 2014-01-26 17:38 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64.exe 2014-01-24 20:23 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2014-01-15 17:15 - 2014-01-15 17:15 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\{78ABAA2E-9C9D-442E-B4ED-71060235558B} 2014-01-15 10:30 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 10:30 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 10:30 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 17:31 - 2014-01-14 17:32 - 00000000 ____D C:\Program Files (x86)\PallySoftAddon 2014-01-14 17:31 - 2014-01-14 17:31 - 00125440 _____ C:\Windows\system32\DlProtectSvc.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00118784 _____ C:\Windows\system32\asydfilt.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-14 17:29 - 2014-01-14 17:29 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect 2014-01-14 17:29 - 2014-01-14 17:29 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\SearchProtect 2014-01-14 17:28 - 2014-01-14 17:35 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Conduit 2014-01-14 17:28 - 2014-01-14 17:28 - 00000000 ____D C:\ProgramData\Conduit 2014-01-14 17:28 - 2014-01-14 17:28 - 00000000 ____D C:\Program Files (x86)\Conduit 2014-01-14 17:26 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader(1).exe 2014-01-14 17:25 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader.exe 2014-01-14 17:11 - 2014-01-14 17:11 - 01086488 _____ (TGRMN Software ) C:\Users\Konni's PC\Downloads\BRU_Setup_WinNTx64.exe ==================== One Month Modified Files and Folders ======= 2014-01-26 17:42 - 2014-01-26 17:40 - 00021763 _____ C:\Users\Konni's PC\Downloads\FRST.txt 2014-01-26 17:40 - 2014-01-26 17:40 - 00000000 ____D C:\FRST 2014-01-26 17:38 - 2014-01-26 17:38 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64.exe 2014-01-26 17:37 - 2013-09-11 19:02 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Clipboarder 2014-01-26 17:32 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-26 17:32 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-26 17:29 - 2012-01-22 03:31 - 01353334 _____ C:\Windows\WindowsUpdate.log 2014-01-26 17:25 - 2012-07-13 13:32 - 00000000 ___RD C:\Users\Konni's PC\Dropbox 2014-01-26 17:25 - 2012-07-13 13:27 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\Dropbox 2014-01-26 17:25 - 2012-02-14 11:07 - 00001455 _____ C:\Users\Konni's PC\Documents\PTBSync-AutoExport-KonniS Pc.ini 2014-01-26 17:25 - 2012-02-14 11:07 - 00000836 _____ C:\Users\Konni's PC\Documents\PTBSync-DesktopSetting-KonniS Pc.txt 2014-01-26 17:24 - 2012-01-22 03:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-26 17:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-26 17:23 - 2009-07-14 05:51 - 00122140 _____ C:\Windows\setupact.log 2014-01-26 17:02 - 2012-01-22 03:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-26 16:54 - 2012-04-02 17:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-26 11:03 - 2012-01-25 01:51 - 00000000 ____D C:\Program Files (x86)\McAfee 2014-01-25 10:04 - 2010-11-21 04:47 - 00139644 _____ C:\Windows\PFRO.log 2014-01-24 20:17 - 2012-01-25 01:51 - 00000000 ____D C:\Program Files\Common Files\McAfee 2014-01-24 19:11 - 2011-05-16 15:04 - 00654150 _____ C:\Windows\system32\perfh007.dat 2014-01-24 19:11 - 2011-05-16 15:04 - 00130022 _____ C:\Windows\system32\perfc007.dat 2014-01-24 19:11 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-24 12:58 - 2012-07-13 13:29 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-24 11:42 - 2012-02-14 00:17 - 00000000 ____D C:\Users\Konni's PC\Weisheiten 2014-01-19 15:32 - 2013-01-14 13:18 - 00000000 ____D C:\Users\Konni's PC\aa noch zuordnen 2014-01-18 12:39 - 2012-01-22 03:45 - 00000000 ___RD C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-16 18:59 - 2012-02-20 21:53 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Adobe 2014-01-16 18:58 - 2013-07-19 09:37 - 00002170 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-01-16 18:58 - 2012-11-20 09:31 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2014-01-16 18:58 - 2012-04-02 17:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-16 18:58 - 2012-04-02 17:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-16 18:58 - 2011-10-14 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-16 18:07 - 2009-07-14 05:45 - 00377680 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 00:46 - 2013-08-20 02:01 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:39 - 2011-07-18 21:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 17:15 - 2014-01-15 17:15 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\{78ABAA2E-9C9D-442E-B4ED-71060235558B} 2014-01-14 17:35 - 2014-01-14 17:28 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Conduit 2014-01-14 17:32 - 2014-01-14 17:31 - 00000000 ____D C:\Program Files (x86)\PallySoftAddon 2014-01-14 17:31 - 2014-01-14 17:31 - 00125440 _____ C:\Windows\system32\DlProtectSvc.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00118784 _____ C:\Windows\system32\asydfilt.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-14 17:29 - 2014-01-14 17:29 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect 2014-01-14 17:29 - 2014-01-14 17:29 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\SearchProtect 2014-01-14 17:28 - 2014-01-14 17:28 - 00000000 ____D C:\ProgramData\Conduit 2014-01-14 17:28 - 2014-01-14 17:28 - 00000000 ____D C:\Program Files (x86)\Conduit 2014-01-14 17:26 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader(1).exe 2014-01-14 17:26 - 2014-01-14 17:25 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader.exe 2014-01-14 17:11 - 2014-01-14 17:11 - 01086488 _____ (TGRMN Software ) C:\Users\Konni's PC\Downloads\BRU_Setup_WinNTx64.exe 2014-01-14 14:28 - 2013-12-08 17:57 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-14 14:28 - 2012-09-25 09:48 - 01594880 ___SH C:\Users\Konni's PC\Downloads\Thumbs.db 2013-12-30 17:01 - 2012-04-26 11:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Files to move or delete: ==================== C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 13:30 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 02 Ran by Konni's PC at 2014-01-26 17:43:10 Running from C:\Users\Konni's PC\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144 - Adobe Systems, Inc.) Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden AMD AVIVO64 Codecs (Version: 11.7.0.10915 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2011.0915.1402.23298 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.60915.1336 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2011.0915.1402.23298 - Advanced Micro Devices, Inc.) Hidden Ashampoo Burning Studio (x32 Version: 10.0.10 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander (x32 Version: 9.2.0 - Ashampoo GmbH & Co. KG) Ashampoo Photo Optimizer (x32 Version: 4.0.0 - Ashampoo GmbH & Co. KG) Ashampoo Snap (x32 Version: 4.3.0 - Ashampoo GmbH & Co. KG) Badoo Desktop (x32 Version: 1.6.58.1220 - Badoo) Catalyst Control Center InstallProxy (x32 Version: 2011.0915.1402.23298 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2011.0915.1402.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2011.0915.1401.23298 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2011.0915.1402.23298 - Advanced Micro Devices, Inc.) Hidden Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Extra Content (x32 Version: - Corel Corporation) CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Essentials X5 (x32 Version: 15.2.0.686 - Corel Corporation) CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden CyberLink LabelPrint (x32 Version: 2.5.3418 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3418 - CyberLink Corp.) Hidden CyberLink MediaEspresso (x32 Version: 6.5.1817_38674 - CyberLink Corp.) CyberLink MediaEspresso (x32 Version: 6.5.1817_38674 - CyberLink Corp.) Hidden CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden CyberLink YouPaint (x32 Version: 1.2.1928 - CyberLink Corp.) CyberLink YouPaint (x32 Version: 1.2.1928 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Download Protect (HKCU Version: - Download Protect) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Foto-Mosaik-Edda Standard V5.8.0 (x32 Version: - Steffen Schirmer) Foto-Mosaik-Edda Standard V6.8.13221.1 (x32 Version: - Steffen Schirmer) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden McAfee Internet Security Suite (x32 Version: 12.8.908 - McAfee, Inc.) Medion Home Cinema (x32 Version: 8.0.2926 - CyberLink Corp.) Medion Home Cinema (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden Memeo Instant Backup (x32 Version: 4.60.0.7943 - Memeo Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2000 Premium (x32 Version: 9.00.2816 - Microsoft Corporation) Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1 - NAVIGON) Nokia Connectivity Cable Driver (x32 Version: 7.1.92.0 - Nokia) Nokia Suite (x32 Version: 3.6.36.0 - Nokia) Nokia Suite (x32 Version: 3.6.36.0 - Nokia) Hidden PC Connectivity Solution (x32 Version: 12.0.48.0 - Nokia) PCSUITE SHREDDER (x32 Version: - Markement GmbH) PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PokerStars (x32 Version: - PokerStars) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PTBSync (Atomuhr Synchronisation & Terminkalender) (x32 Version: 5.7c - ElmueSoft) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.) Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Shared C Run-time for x64 (Version: 10.0.0 - McAfee) Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN) WEB.DE Online-Speicher 1.5.1894.0 (HKCU Version: 1.5.1894.0 - 1&1 Mail & Media GmbH) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 02-01-2014 11:44:57 Geplanter Prüfpunkt 11-01-2014 11:04:17 Geplanter Prüfpunkt 14-01-2014 16:19:26 Removed Badoo Desktop 15-01-2014 23:38:21 Windows Update 23-01-2014 19:53:32 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {51BCD14A-6EAF-48E3-9A85-67C3386809EE} - \ProtectedSearch\Protected Search No Task File Task: {528D31FE-3FF7-4A46-834A-8DF397781A89} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {5C61569E-F8C0-42CE-AAA7-A8FF36AB8CCD} - \Browser Updater\Browser Updater No Task File Task: {84397035-34E5-48A5-A5FC-9EFD22E8B986} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22] (Google Inc.) Task: {B2F7DBB3-8B96-443D-9CFD-44B8FA7423C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22] (Google Inc.) Task: {EF72D320-7853-4A48-9935-641298F7ED21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-16] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-23 11:11 - 2013-08-23 11:11 - 00539648 _____ () C:\Users\Konni's PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\ClipboarderDLLs\Clipboarder.64.220.dll 2013-10-25 10:33 - 2013-09-13 15:12 - 00070656 _____ () C:\Users\Konni's PC\AppData\Local\WEB.DE Application {sync-000021}\CoreBranding.dll 2011-09-15 21:44 - 2011-09-15 21:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-09-15 22:00 - 2011-09-15 22:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 08506792 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 02353576 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 01013672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00363944 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 02480552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 01346472 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00205736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 02652584 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00032680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00035240 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00206760 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 11166120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00276392 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2012-10-13 00:31 - 2012-10-13 00:31 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2012-10-13 00:31 - 2012-10-13 00:31 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2012-10-13 00:54 - 2012-10-13 00:54 - 00437672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00445864 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00520104 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00720296 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2012-10-13 00:53 - 2012-10-13 00:53 - 00605608 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2012-10-13 00:55 - 2012-10-13 00:55 - 00092584 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2012-10-13 00:30 - 2012-10-13 00:30 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll 2010-08-03 23:39 - 2010-08-03 23:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-03 23:39 - 2010-08-03 23:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Konni's PC\AppData\Roaming\Dropbox\bin\libcef.dll 2013-12-22 19:03 - 2013-12-22 19:03 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-01-16 18:51 - 2014-01-16 18:58 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: McAfee Inc. mfeapfk Description: McAfee Inc. mfeapfk Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: mfeapfk Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/26/2014 05:24:10 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/26/2014 11:03:46 AM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/25/2014 10:05:02 AM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 08:00:17 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 07:07:35 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 05:41:36 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 03:42:13 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 02:55:23 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/23/2014 05:44:03 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ecc Startzeit: 01cf18549c8c4252 Endzeit: 95 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 83838d03-844d-11e3-bae4-a94902eb9cf4 Error: (01/23/2014 04:43:13 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) System errors: ============= Error: (01/26/2014 05:24:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (01/26/2014 11:03:45 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (01/25/2014 10:06:32 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (01/25/2014 10:06:31 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (01/25/2014 10:06:31 AM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (01/25/2014 10:04:58 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (01/24/2014 08:17:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Anti-Spam Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/24/2014 08:17:26 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Anti-Spam Service erreicht. Error: (01/24/2014 08:17:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/24/2014 08:17:26 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Proxy Service erreicht. Microsoft Office Sessions: ========================= Error: (01/26/2014 05:24:10 PM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/26/2014 11:03:46 AM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/25/2014 10:05:02 AM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 08:00:17 PM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 07:07:35 PM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 05:41:36 PM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 03:42:13 PM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/24/2014 02:55:23 PM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/23/2014 05:44:03 PM) (Source: Application Hang)(User: ) Description: firefox.exe26.0.0.5087ecc01cf18549c8c425295C:\Program Files (x86)\Mozilla Firefox\firefox.exe83838d03-844d-11e3-bae4-a94902eb9cf4 Error: (01/23/2014 04:43:13 PM) (Source: MemeoBackgroundService)(User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) ==================== Memory info =========================== Percentage of memory in use: 64% Total physical RAM: 3576.13 MB Available physical RAM: 1257.49 MB Total Pagefile: 7150.45 MB Available Pagefile: 4214.31 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:800.6 GB) NTFS Drive d: (Recover) (Fixed) (Total:50 GB) (Free:28.18 GB) NTFS Drive j: (TREKSTOR) (Fixed) (Total:149.05 GB) (Free:145.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=880 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 4 (Size: 149 GB) (Disk ID: 090C54F1) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Konni's PC :: KONNISPC-PC [Administrator] 26.01.2014 19:48:09 MBAM-log-2014-01-27 (01-51-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 356631 Laufzeit: 3 Stunde(n), 8 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3317892&octid=CT3317892&SearchSource=61&CUI=UN33530904012615512&UM=2&UP=SPA07219EE-B586-41AC-A8BE-FE06016BBD04&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 1 C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 6 C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\Konni's PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBANO4UD\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsb8915.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsbF5DD.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsw9095.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsw94D7.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Konni's PC :: KONNISPC-PC [Administrator] 26.01.2014 19:48:09 MBAM-log-2014-01-27 (01-51-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 356631 Laufzeit: 3 Stunde(n), 8 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3317892&octid=CT3317892&SearchSource=61&CUI=UN33530904012615512&UM=2&UP=SPA07219EE-B586-41AC-A8BE-FE06016BBD04&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 1 C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 6 C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\Konni's PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBANO4UD\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsb8915.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsbF5DD.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsw9095.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Windows\Temp\nsw94D7.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. (Ende) |
27.01.2014, 14:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mein Mozilla Firefox stürzt immer wieder ab Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Mein Mozilla Firefox stürzt immer wieder ab |
27.01.2014, 14:41 | #7 |
| Mein Mozilla Firefox stürzt immer wieder abCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.01.27.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Konni's PC :: KONNISPC-PC [administrator] 27.01.2014 14:13:09 mbar-log-2014-01-27 (14-13-09).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 238396 Time elapsed: 23 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
27.01.2014, 15:09 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mein Mozilla Firefox stürzt immer wieder ab Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
27.01.2014, 16:43 | #9 |
| Mein Mozilla Firefox stürzt immer wieder abCode:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 27/01/2014 um 16:00:43 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Konni's PC - KONNISPC-PC # Gestartet von : C:\Users\Konni's PC\Downloads\adwcleaner(2).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\prefs.js ] [ Datei : C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_515179\prefs.js ] ************************* AdwCleaner[R0].txt - [6448 octets] - [27/01/2014 02:10:15] AdwCleaner[R1].txt - [1166 octets] - [27/01/2014 15:56:27] AdwCleaner[S0].txt - [6353 octets] - [27/01/2014 02:14:29] AdwCleaner[S1].txt - [1088 octets] - [27/01/2014 16:00:43] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1148 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Home Premium x64 Ran by Konni's PC on 27.01.2014 at 16:08:39,45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F1C47AF-330A-4356-9012-9B3D83E7D65D} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Konni's PC\appdata\local\{015A99D0-DD55-421E-B681-C035CEB86866} Successfully deleted: [Empty Folder] C:\Users\Konni's PC\appdata\local\{78ABAA2E-9C9D-442E-B4ED-71060235558B} ~~~ FireFox Emptied folder: C:\Users\Konni's PC\AppData\Roaming\mozilla\firefox\profiles\pfdtkxs4.default\minidumps [290 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.01.2014 at 16:34:03,70 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 Ran by Konni's PC (administrator) on KONNISPC-PC on 27-01-2014 16:36:01 Running from C:\Users\Konni's PC\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Windows\System32\DlProtectSvc.exe () C:\Windows\System32\asydfilt.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ElmüSoft) C:\Program Files (x86)\PTBSync\PTBSync.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (1&1 Mail & Media GmbH) C:\Users\Konni's PC\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ElmüSoft) C:\Program Files (x86)\PTBSync\PTBSync.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\ProgramData\dlprotect.exe (Dropbox, Inc.) C:\Users\Konni's PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Farbar) C:\Users\Konni's PC\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [PTBSync] - C:\Program Files (x86)\PTBSync\PTBSync.exe [1582592 2013-08-19] (ElmüSoft) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-14] () HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKCU\...\Run: [WEB.DE Application {sync-000021}] - C:\Users\Konni's PC\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [875008 2013-09-13] (1&1 Mail & Media GmbH) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () Startup: C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Konni's PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&dbCode=1&command={searchTerms} SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\badoo.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Schnäppchenfuchs Gutscheinfinder - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\firefox2@schnaeppchenfuchs.com [2014-01-14] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-01-24] FF Extension: WEB.DE MailCheck - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\toolbar@web.de.xpi [2012-01-24] FF Extension: Adblock Plus - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-01-25] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-01-25] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Der Schnäppchenfuchs Gutscheinfinder) - C:\Users\Konni's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camijhkahcckljhgpgfgglbegedoepda [2014-01-14] CHR HKLM\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [2014-01-14] CHR HKCU\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-01-11] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-05-27] (Adobe Systems) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-14] () R2 getmac64; C:\Windows\system32\asydfilt.exe [118784 2014-01-14] () R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 PTBSync; C:\Program Files (x86)\PTBSync\PTBSync.exe [1582592 2013-08-19] (ElmüSoft) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-09] (soft Xpansion) ==================== Drivers (Whitelisted) ==================== R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.) R2 WinRing0_1_2_0; C:\Windows\system32\Drivers\ptbring0.sys [14544 2013-08-19] (OpenLibSys.org) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-27 16:35 - 2014-01-27 16:35 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64(1).exe 2014-01-27 16:34 - 2014-01-27 16:34 - 00001139 _____ C:\Users\Konni's PC\Desktop\JRT.txt 2014-01-27 16:07 - 2014-01-27 16:07 - 01037068 _____ (Thisisu) C:\Users\Konni's PC\Downloads\JRT.exe 2014-01-27 15:54 - 2014-01-27 15:54 - 01236282 _____ C:\Users\Konni's PC\Downloads\adwcleaner(2).exe 2014-01-27 14:12 - 2014-01-27 14:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-27 14:12 - 2014-01-27 14:12 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 14:11 - 2014-01-27 14:40 - 00000000 ____D C:\Users\Konni's PC\Desktop\mbar 2014-01-27 14:11 - 2014-01-27 14:11 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Konni's PC\Downloads\mbar-1.07.0.1009.exe 2014-01-27 14:11 - 2014-01-27 14:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-27 02:10 - 2014-01-27 16:00 - 00000000 ____D C:\AdwCleaner 2014-01-27 02:09 - 2014-01-27 02:09 - 01236282 _____ C:\Users\Konni's PC\Downloads\adwcleaner.exe 2014-01-27 02:09 - 2014-01-27 02:09 - 01236282 _____ C:\Users\Konni's PC\Downloads\adwcleaner(1).exe 2014-01-26 19:45 - 2014-01-26 19:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-26 19:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-26 17:43 - 2014-01-26 17:46 - 00062553 _____ C:\Users\Konni's PC\Downloads\Addition.txt 2014-01-26 17:40 - 2014-01-27 16:36 - 00020990 _____ C:\Users\Konni's PC\Downloads\FRST.txt 2014-01-26 17:40 - 2014-01-26 17:40 - 00000000 ____D C:\FRST 2014-01-26 17:38 - 2014-01-26 17:38 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64.exe 2014-01-24 20:23 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 10:30 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 10:30 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 17:31 - 2014-01-14 17:32 - 00000000 ____D C:\Program Files (x86)\PallySoftAddon 2014-01-14 17:31 - 2014-01-14 17:31 - 00125440 _____ C:\Windows\system32\DlProtectSvc.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00118784 _____ C:\Windows\system32\asydfilt.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-14 17:26 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader(1).exe 2014-01-14 17:25 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader.exe 2014-01-14 17:11 - 2014-01-14 17:11 - 01086488 _____ (TGRMN Software ) C:\Users\Konni's PC\Downloads\BRU_Setup_WinNTx64.exe ==================== One Month Modified Files and Folders ======= 2014-01-27 16:36 - 2014-01-26 17:40 - 00020990 _____ C:\Users\Konni's PC\Downloads\FRST.txt 2014-01-27 16:35 - 2014-01-27 16:35 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64(1).exe 2014-01-27 16:34 - 2014-01-27 16:34 - 00001139 _____ C:\Users\Konni's PC\Desktop\JRT.txt 2014-01-27 16:10 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-27 16:10 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-27 16:07 - 2014-01-27 16:07 - 01037068 _____ (Thisisu) C:\Users\Konni's PC\Downloads\JRT.exe 2014-01-27 16:03 - 2012-07-13 13:32 - 00000000 ___RD C:\Users\Konni's PC\Dropbox 2014-01-27 16:03 - 2012-07-13 13:27 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\Dropbox 2014-01-27 16:03 - 2012-02-14 11:07 - 00001455 _____ C:\Users\Konni's PC\Documents\PTBSync-AutoExport-KonniS Pc.ini 2014-01-27 16:03 - 2012-02-14 11:07 - 00000836 _____ C:\Users\Konni's PC\Documents\PTBSync-DesktopSetting-KonniS Pc.txt 2014-01-27 16:02 - 2012-01-22 03:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-27 16:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-27 16:02 - 2009-07-14 05:51 - 00122364 _____ C:\Windows\setupact.log 2014-01-27 16:01 - 2012-01-22 03:31 - 01408990 _____ C:\Windows\WindowsUpdate.log 2014-01-27 16:00 - 2014-01-27 02:10 - 00000000 ____D C:\AdwCleaner 2014-01-27 15:54 - 2014-01-27 15:54 - 01236282 _____ C:\Users\Konni's PC\Downloads\adwcleaner(2).exe 2014-01-27 15:54 - 2012-04-02 17:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-27 15:02 - 2012-01-22 03:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-27 14:40 - 2014-01-27 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-27 14:40 - 2014-01-27 14:11 - 00000000 ____D C:\Users\Konni's PC\Desktop\mbar 2014-01-27 14:12 - 2014-01-27 14:12 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 14:11 - 2014-01-27 14:11 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Konni's PC\Downloads\mbar-1.07.0.1009.exe 2014-01-27 14:11 - 2014-01-27 14:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-27 02:09 - 2014-01-27 02:09 - 01236282 _____ C:\Users\Konni's PC\Downloads\adwcleaner.exe 2014-01-27 02:09 - 2014-01-27 02:09 - 01236282 _____ C:\Users\Konni's PC\Downloads\adwcleaner(1).exe 2014-01-27 01:53 - 2010-11-21 04:47 - 00141334 _____ C:\Windows\PFRO.log 2014-01-27 01:51 - 2013-09-11 19:02 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Clipboarder 2014-01-26 19:46 - 2014-01-26 19:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-26 17:46 - 2014-01-26 17:43 - 00062553 _____ C:\Users\Konni's PC\Downloads\Addition.txt 2014-01-26 17:40 - 2014-01-26 17:40 - 00000000 ____D C:\FRST 2014-01-26 17:38 - 2014-01-26 17:38 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64.exe 2014-01-26 11:03 - 2012-01-25 01:51 - 00000000 ____D C:\Program Files (x86)\McAfee 2014-01-24 20:17 - 2012-01-25 01:51 - 00000000 ____D C:\Program Files\Common Files\McAfee 2014-01-24 19:11 - 2011-05-16 15:04 - 00654150 _____ C:\Windows\system32\perfh007.dat 2014-01-24 19:11 - 2011-05-16 15:04 - 00130022 _____ C:\Windows\system32\perfc007.dat 2014-01-24 19:11 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-24 12:58 - 2012-07-13 13:29 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-24 11:42 - 2012-02-14 00:17 - 00000000 ____D C:\Users\Konni's PC\Weisheiten 2014-01-19 15:32 - 2013-01-14 13:18 - 00000000 ____D C:\Users\Konni's PC\aa noch zuordnen 2014-01-18 12:39 - 2012-01-22 03:45 - 00000000 ___RD C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-16 18:59 - 2012-02-20 21:53 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Adobe 2014-01-16 18:58 - 2013-07-19 09:37 - 00002170 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-01-16 18:58 - 2012-11-20 09:31 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2014-01-16 18:58 - 2012-04-02 17:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-16 18:58 - 2012-04-02 17:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-16 18:58 - 2011-10-14 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-16 18:07 - 2009-07-14 05:45 - 00377680 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 00:46 - 2013-08-20 02:01 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:39 - 2011-07-18 21:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 17:32 - 2014-01-14 17:31 - 00000000 ____D C:\Program Files (x86)\PallySoftAddon 2014-01-14 17:31 - 2014-01-14 17:31 - 00125440 _____ C:\Windows\system32\DlProtectSvc.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00118784 _____ C:\Windows\system32\asydfilt.exe 2014-01-14 17:31 - 2014-01-14 17:31 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-14 17:26 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader(1).exe 2014-01-14 17:26 - 2014-01-14 17:25 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader.exe 2014-01-14 17:11 - 2014-01-14 17:11 - 01086488 _____ (TGRMN Software ) C:\Users\Konni's PC\Downloads\BRU_Setup_WinNTx64.exe 2014-01-14 14:28 - 2013-12-08 17:57 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-14 14:28 - 2012-09-25 09:48 - 01594880 ___SH C:\Users\Konni's PC\Downloads\Thumbs.db 2013-12-30 17:01 - 2012-04-26 11:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Files to move or delete: ==================== C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Konni's PC\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 13:30 ==================== End Of Log ============================ --- --- --- |
27.01.2014, 16:56 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mein Mozilla Firefox stürzt immer wieder ab Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter SearchScopes: HKCU - URL http://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-14] ( FF Extension: Schnäppchenfuchs Gutscheinfinder - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\firefox2@schnaeppchenfuchs.com [2014-01-14] R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-14] () R2 getmac64; C:\Windows\system32\asydfilt.exe [118784 2014-01-14] () C:\Users\Konni's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camijhkahcckljhgpgfgglbegedoepda C:\ProgramData\dlprotect.exe C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll C:\Windows\system32\asydfilt.exe Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
27.01.2014, 18:28 | #11 |
| Mein Mozilla Firefox stürzt immer wieder ab [CODE]Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 Ran by Konni's PC at 2014-01-27 18:22:04 Run:2 Running from C:\Users\Konni's PC\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-14] ( FF Extension: Schnäppchenfuchs Gutscheinfinder - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\firefox2@schnaeppchenfuchs.com [2014-01-14] R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-14] () R2 getmac64; C:\Windows\system32\asydfilt.exe [118784 2014-01-14] () C:\Users\Konni's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camijhkahcckljhgpgfgglbegedoepda C:\ProgramData\dlprotect.exe C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll C:\Windows\system32\asydfilt.exe ***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value not found. C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\firefox2@schnaeppchenfuchs.com not found. DlProtectSvc => Service not found. getmac64 => Service not found. "C:\Users\Konni's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camijhkahcckljhgpgfgglbegedoepda" => File/Directory not found. "C:\ProgramData\dlprotect.exe" => File/Directory not found. "C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll" => File/Directory not found. "C:\Windows\system32\asydfilt.exe" => File/Directory not found. ==== End of Fixlog ====[CODE] Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 Ran by Konni's PC at 2014-01-27 18:22:04 Run:2 Running from C:\Users\Konni's PC\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-14] ( FF Extension: Schnäppchenfuchs Gutscheinfinder - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\firefox2@schnaeppchenfuchs.com [2014-01-14] R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-14] () R2 getmac64; C:\Windows\system32\asydfilt.exe [118784 2014-01-14] () C:\Users\Konni's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camijhkahcckljhgpgfgglbegedoepda C:\ProgramData\dlprotect.exe C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll C:\Windows\system32\asydfilt.exe ***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value not found. C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\firefox2@schnaeppchenfuchs.com not found. DlProtectSvc => Service not found. getmac64 => Service not found. "C:\Users\Konni's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camijhkahcckljhgpgfgglbegedoepda" => File/Directory not found. "C:\ProgramData\dlprotect.exe" => File/Directory not found. "C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll" => File/Directory not found. "C:\Windows\system32\asydfilt.exe" => File/Directory not found. ==== End of Fixlog ==== |
27.01.2014, 23:31 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mein Mozilla Firefox stürzt immer wieder ab Frische FRST Logs bitte
__________________ Logfiles bitte immer in CODE-Tags posten |
28.01.2014, 16:41 | #13 |
| Mein Mozilla Firefox stürzt immer wieder ab [CODE]Bussi FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02 Ran by Konni's PC (administrator) on KONNISPC-PC on 28-01-2014 16:37:17 Running from C:\Users\Konni's PC\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (ElmüSoft) C:\Program Files (x86)\PTBSync\PTBSync.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (1&1 Mail & Media GmbH) C:\Users\Konni's PC\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Dropbox, Inc.) C:\Users\Konni's PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ElmüSoft) C:\Program Files (x86)\PTBSync\PTBSync.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\mcuicnt.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Farbar) C:\Users\Konni's PC\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [PTBSync] - C:\Program Files (x86)\PTBSync\PTBSync.exe [1582592 2013-08-19] (ElmüSoft) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKCU\...\Run: [WEB.DE Application {sync-000021}] - C:\Users\Konni's PC\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [875008 2013-09-13] (1&1 Mail & Media GmbH) HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] () Startup: C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Konni's PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&dbCode=1&command={searchTerms} SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\badoo.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus Pop-up Addon - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-01-24] FF Extension: WEB.DE MailCheck - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\toolbar@web.de.xpi [2012-01-24] FF Extension: Adblock Plus - C:\Users\Konni's PC\AppData\Roaming\Mozilla\Firefox\Profiles\pfdtkxs4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-01-25] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-01-25] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [] CHR HKCU\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [] CHR HKLM-x32\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-01-11] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-05-27] (Adobe Systems) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 PTBSync; C:\Program Files (x86)\PTBSync\PTBSync.exe [1582592 2013-08-19] (ElmüSoft) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-09] (soft Xpansion) ==================== Drivers (Whitelisted) ==================== R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.) R2 WinRing0_1_2_0; C:\Windows\system32\Drivers\ptbring0.sys [14544 2013-08-19] (OpenLibSys.org) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-28 16:37 - 2014-01-28 16:37 - 00019408 _____ C:\Users\Konni's PC\Downloads\FRST.txt 2014-01-28 16:36 - 2014-01-28 16:37 - 02079232 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64(1).exe 2014-01-27 18:18 - 2014-01-27 18:18 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64.exe 2014-01-27 14:12 - 2014-01-27 14:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-27 14:12 - 2014-01-27 14:12 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 02:10 - 2014-01-27 16:00 - 00000000 ____D C:\AdwCleaner 2014-01-26 17:40 - 2014-01-27 18:14 - 00000000 ____D C:\FRST 2014-01-24 20:23 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 10:30 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 10:30 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 10:30 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 17:31 - 2014-01-14 17:32 - 00000000 ____D C:\Program Files (x86)\PallySoftAddon 2014-01-14 17:31 - 2014-01-14 17:31 - 00125440 _____ C:\Windows\system32\DlProtectSvc.exe 2014-01-14 17:26 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader(1).exe 2014-01-14 17:25 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader.exe 2014-01-14 17:11 - 2014-01-14 17:11 - 01086488 _____ (TGRMN Software ) C:\Users\Konni's PC\Downloads\BRU_Setup_WinNTx64.exe ==================== One Month Modified Files and Folders ======= 2014-01-28 16:38 - 2014-01-28 16:37 - 00019408 _____ C:\Users\Konni's PC\Downloads\FRST.txt 2014-01-28 16:37 - 2014-01-28 16:36 - 02079232 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64(1).exe 2014-01-28 16:33 - 2012-07-13 13:27 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\Dropbox 2014-01-28 16:32 - 2012-07-13 13:32 - 00000000 ___RD C:\Users\Konni's PC\Dropbox 2014-01-28 16:32 - 2012-02-14 11:07 - 00001455 _____ C:\Users\Konni's PC\Documents\PTBSync-AutoExport-KonniS Pc.ini 2014-01-28 16:32 - 2012-02-14 11:07 - 00000836 _____ C:\Users\Konni's PC\Documents\PTBSync-DesktopSetting-KonniS Pc.txt 2014-01-28 16:31 - 2012-01-22 03:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-28 16:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-28 16:31 - 2009-07-14 05:51 - 00122476 _____ C:\Windows\setupact.log 2014-01-28 01:10 - 2012-01-22 03:31 - 01444007 _____ C:\Windows\WindowsUpdate.log 2014-01-28 01:02 - 2012-01-22 03:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-28 00:54 - 2012-04-02 17:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-27 18:18 - 2014-01-27 18:18 - 02078208 _____ (Farbar) C:\Users\Konni's PC\Downloads\FRST64.exe 2014-01-27 18:14 - 2014-01-26 17:40 - 00000000 ____D C:\FRST 2014-01-27 18:14 - 2012-09-25 09:48 - 01594880 ___SH C:\Users\Konni's PC\Downloads\Thumbs.db 2014-01-27 16:56 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-27 16:56 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-27 16:00 - 2014-01-27 02:10 - 00000000 ____D C:\AdwCleaner 2014-01-27 14:40 - 2014-01-27 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-27 14:12 - 2014-01-27 14:12 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-27 01:53 - 2010-11-21 04:47 - 00141334 _____ C:\Windows\PFRO.log 2014-01-27 01:51 - 2013-09-11 19:02 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Clipboarder 2014-01-26 11:03 - 2012-01-25 01:51 - 00000000 ____D C:\Program Files (x86)\McAfee 2014-01-24 20:17 - 2012-01-25 01:51 - 00000000 ____D C:\Program Files\Common Files\McAfee 2014-01-24 19:11 - 2011-05-16 15:04 - 00654150 _____ C:\Windows\system32\perfh007.dat 2014-01-24 19:11 - 2011-05-16 15:04 - 00130022 _____ C:\Windows\system32\perfc007.dat 2014-01-24 19:11 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-24 12:58 - 2012-07-13 13:29 - 00000000 ____D C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-24 11:42 - 2012-02-14 00:17 - 00000000 ____D C:\Users\Konni's PC\Weisheiten 2014-01-19 15:32 - 2013-01-14 13:18 - 00000000 ____D C:\Users\Konni's PC\aa noch zuordnen 2014-01-18 12:39 - 2012-01-22 03:45 - 00000000 ___RD C:\Users\Konni's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-16 18:59 - 2012-02-20 21:53 - 00000000 ____D C:\Users\Konni's PC\AppData\Local\Adobe 2014-01-16 18:58 - 2013-07-19 09:37 - 00002170 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-01-16 18:58 - 2012-11-20 09:31 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2014-01-16 18:58 - 2012-04-02 17:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-16 18:58 - 2012-04-02 17:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-16 18:58 - 2011-10-14 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-16 18:07 - 2009-07-14 05:45 - 00377680 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 00:46 - 2013-08-20 02:01 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:39 - 2011-07-18 21:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 17:32 - 2014-01-14 17:31 - 00000000 ____D C:\Program Files (x86)\PallySoftAddon 2014-01-14 17:31 - 2014-01-14 17:31 - 00125440 _____ C:\Windows\system32\DlProtectSvc.exe 2014-01-14 17:26 - 2014-01-14 17:26 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader(1).exe 2014-01-14 17:26 - 2014-01-14 17:25 - 00600408 _____ C:\Users\Konni's PC\Downloads\profren-Downloader.exe 2014-01-14 17:11 - 2014-01-14 17:11 - 01086488 _____ (TGRMN Software ) C:\Users\Konni's PC\Downloads\BRU_Setup_WinNTx64.exe 2014-01-14 14:28 - 2013-12-08 17:57 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-12-30 17:01 - 2012-04-26 11:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Konni's PC\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Konni's PC\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 13:30 ==================== End Of Log ============================ |
28.01.2014, 23:39 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mein Mozilla Firefox stürzt immer wieder ab Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter SearchScopes: HKCU - TopResultURLFallback http://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} C:\Windows\system32\DlProtectSvc.exe C:\Users\Konni's PC\Downloads\*.exe C:\Program Files (x86)\PallySoftAddon Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
29.01.2014, 01:34 | #15 |
| Mein Mozilla Firefox stürzt immer wieder abCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 02 Ran by Konni's PC at 2014-01-29 01:34:02 Run:3 Running from C:\Users\Konni's PC\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=5.1&ts=1381322332636.000009&tguid=66920-6787-1381322332636-7B431BEA5E90FC56CE2346F6AA8F9567&q={searchTerms} C:\Windows\system32\DlProtectSvc.exe C:\Users\Konni's PC\Downloads\*.exe C:\Program Files (x86)\PallySoftAddon ***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully. C:\Windows\system32\DlProtectSvc.exe => Moved successfully. C:\Users\Konni's PC\Downloads\*.exe => Moved successfully. C:\Program Files (x86)\PallySoftAddon => Moved successfully. ==== End of Fixlog ==== |
Themen zu Mein Mozilla Firefox stürzt immer wieder ab |
%systemroot%, anbieter, anwendung, client, enthält, erscheint, erstell, fehlerbericht, firefox, immer wieder, informationen, problembericht, punkt, pup.optional.conduit, pup.optional.conduit.a, pup.optional.searchprotect.a, pup.optional.sweetim, stream, stürzt, system32, tab, toolbar |