![]() |
|
Plagegeister aller Art und deren Bekämpfung: Windows Vista: ewiges booten, email-browser hängt sich auf und vieles mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() Windows Vista: ewiges booten, email-browser hängt sich auf und vieles mehr Hallo, seit einiger Zeit braucht mein laptop EEEEEEWIG sich zu booten, seit kurzem hab ich ständig Fehlermeldungen bei t-online-email und Aufhänger. Seit ein paar Tagen öffnen sich willkürlich pop-up-Fenster und das laptop hängt sich auf....auch ohne pop ups. Hier mal die Vorarbeit und schon mal VIELEN DANK für die Hilfe. LG Mundi defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 10:56 on 03/03/2014 (Raimund) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014 Ran by Raimund (administrator) on RAIMUND-PC on 03-03-2014 10:57:37 Running from C:\Users\Raimund\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Deutsche Telekom AG) C:\Users\Raimund\AppData\Local\DTAG\Dtor.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe (Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe (Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13543968 2008-06-08] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-06-08] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] () HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.) HKLM\...\Run: [ToADiMon.exe] - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) HKLM\...\Run: [Memeo Instant Backup] - C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-13] (Memeo Inc.) HKLM\...\Run: [Memeo AutoSync] - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-13] (Memeo Inc.) HKLM\...\Run: [Seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-02] () HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM\...\Run: [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [] - [X] HKU\.DEFAULT\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [InfoCockpit] - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2009-04-29] (Deutsche Telekom AG, T-Com) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [DTAGSSDVDReport] - C:\Users\Raimund\AppData\Local\Dtag\Dtor.exe [4960192 2012-10-17] (Deutsche Telekom AG) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2041681157-4064094354-3424151552-1003\...\MountPoints2: {e634a84b-2703-11df-b15a-806e6f6e6963} - G:\Menu.exe Startup: C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0} URLSearchHook: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) URLSearchHook: HKCU - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) SearchScopes: HKLM - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0} SearchScopes: HKCU - DefaultScope {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1 SearchScopes: HKCU - {5119FB30-9FFF-47B4-8A80-19A544DEC875} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKCU - {68B6BBB4-2B92-42B8-9071-45F275E0AF04} URL = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms} SearchScopes: HKCU - {7956413B-17A5-4099-912A-FA61DDCBE3C3} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {DD1D79C2-C6C2-4E82-8BD6-C2A07E973047} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={BCE9DD1B-3643-11E2-90E0-001377D48AE0} SearchScopes: HKCU - {EF986012-BAC9-477D-B337-8A2C55A9753B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297969&CUI=UN22117582881162115&UM=1 BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO: FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files\XingHaoLyrics\lrcspal.dll No File BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM - FileConverter 1.3 B2 Toolbar - {99a9c3ba-07f6-4699-bc81-65cab16e204b} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKCU - FileConverter 1.3 B2 Toolbar - {99A9C3BA-07F6-4699-BC81-65CAB16E204B} - C:\Program Files\FileConverter_1.3_B2\prxtbFile.dll (Conduit Ltd.) DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: Internet Shortcut - {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\Windows\System32\ieframe.dll [9739264 2014-02-05] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 ========================== Services (Whitelisted) ================= R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-13] (Memeo) R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation) R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080 2010-03-22] (NVIDIA) R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] () S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-02] (Memeo) R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA) ==================== Drivers (Whitelisted) ==================== S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation) S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation) S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation) S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation) S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation) R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-13] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-13] (Symantec Corporation) S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [18992 2008-10-31] (Microsoft Corporation) R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140228.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.) S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVENG.SYS [93272 2013-12-13] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140302.024\NAVEX15.SYS [1612376 2013-12-13] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-07-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation) R1 SYMTDIv; C:\Windows\system32\drivers\NIS\1501000.012\SYMTDIV.SYS [383576 2013-09-26] (Symantec Corporation) S3 VL807; C:\Windows\System32\DRIVERS\VL807.sys [27184 2008-10-31] () R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 netr28u; system32\DRIVERS\netr28u.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 PCASp50; System32\Drivers\PCASp50.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-03 10:57 - 2014-03-03 10:59 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt 2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST 2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log 2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable 2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe 2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe 2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe 2014-03-02 00:39 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio 2014-02-20 11:08 - 2014-03-02 00:41 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio 2014-02-20 11:08 - 2014-02-20 11:20 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk 2014-02-15 15:26 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-15 15:26 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-15 15:26 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-15 15:26 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-15 15:26 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-15 15:26 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-15 15:26 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-15 15:26 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-15 15:26 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-15 15:26 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-15 15:26 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-15 15:26 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-15 15:26 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 15:07 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll ==================== One Month Modified Files and Folders ======= 2014-03-03 10:59 - 2014-03-03 10:57 - 00017858 _____ () C:\Users\Raimund\Desktop\FRST.txt 2014-03-03 10:57 - 2014-03-03 10:57 - 00000000 ____D () C:\FRST 2014-03-03 10:56 - 2014-03-03 10:56 - 00000476 _____ () C:\Users\Raimund\Desktop\defogger_disable.log 2014-03-03 10:56 - 2014-03-03 10:56 - 00000000 _____ () C:\Users\Raimund\defogger_reenable 2014-03-03 10:56 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund 2014-03-03 10:52 - 2014-03-03 10:52 - 00380416 _____ () C:\Users\Raimund\Desktop\Gmer-19357.exe 2014-03-03 10:51 - 2014-03-03 10:51 - 01145344 _____ (Farbar) C:\Users\Raimund\Desktop\FRST.exe 2014-03-03 10:50 - 2014-03-03 10:50 - 00050477 _____ () C:\Users\Raimund\Desktop\Defogger.exe 2014-03-03 10:33 - 2008-09-18 01:46 - 02009085 _____ () C:\Windows\WindowsUpdate.log 2014-03-03 10:30 - 2009-11-03 22:40 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-03 10:29 - 2008-12-04 23:31 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.dat 2014-03-03 10:29 - 2008-07-08 15:39 - 00109085 _____ () C:\ProgramData\nvModes.001 2014-03-03 10:29 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-03 10:29 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-03 00:09 - 2008-07-09 07:09 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-03 00:09 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-03 00:03 - 2012-12-12 16:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-02 00:41 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\Raimund\Documents\Intelli-studio 2014-03-02 00:41 - 2014-02-20 11:08 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Intelli-studio 2014-02-27 14:05 - 2006-11-02 11:33 - 01619710 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-26 23:54 - 2010-06-08 20:30 - 00000000 ____D () C:\Users\Raimund\AppData\Roaming\Skype 2014-02-20 22:03 - 2012-12-12 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-20 22:03 - 2012-12-12 16:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-20 11:20 - 2014-02-20 11:08 - 00001865 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk 2014-02-20 11:16 - 2006-11-02 13:52 - 00108264 _____ () C:\Windows\setupact.log 2014-02-20 11:07 - 2008-07-08 15:23 - 00000000 ____D () C:\Program Files\Samsung 2014-02-17 14:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-15 15:40 - 2013-08-15 14:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-15 15:34 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-05 09:58 - 2014-02-15 15:26 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-15 15:26 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-15 15:26 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-15 15:26 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-15 15:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-15 15:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-15 15:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-15 15:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-15 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-15 15:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-15 15:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-15 15:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-15 15:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-03 19:51 - 2008-01-21 03:47 - 01245526 _____ () C:\Windows\PFRO.log Some content of TEMP: ==================== C:\Users\Raimund\AppData\Local\Temp\AdobeUpdater12345.exe C:\Users\Raimund\AppData\Local\Temp\ose00000.exe C:\Users\Raimund\AppData\Local\Temp\_is2FA7.exe C:\Users\Raimund\AppData\Local\Temp\_is3EE3.exe C:\Users\Raimund\AppData\Local\Temp\_is3F9.exe C:\Users\Raimund\AppData\Local\Temp\_is74B2.exe C:\Users\Raimund\AppData\Local\Temp\_isA9B.exe C:\Users\Raimund\AppData\Local\Temp\_isAA62.exe C:\Users\Raimund\AppData\Local\Temp\_isAFE1.exe C:\Users\Raimund\AppData\Local\Temp\_isB46.exe C:\Users\Raimund\AppData\Local\Temp\_isBB05.exe C:\Users\Raimund\AppData\Local\Temp\_isBE8D.exe C:\Users\Raimund\AppData\Local\Temp\_isCD7B.exe C:\Users\Raimund\AppData\Local\Temp\_isE733.exe C:\Users\Raimund\AppData\Local\Temp\_isF4AB.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-03 10:35 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2014 Ran by Raimund at 2014-03-03 10:59:21 Running from C:\Users\Raimund\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.) Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - ) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION C4700 (Version: 130.0.373.000 - Hewlett-Packard) Hidden CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Die ersten 10 Jahre (HKLM\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - ) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung) Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname) Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - ) FileConverter 1.3 B2 Toolbar (HKLM\...\FileConverter_1.3_B2 Toolbar) (Version: 6.12.0.11 - FileConverter 1.3 B2) FILEminimizer Pictures (HKLM\...\FILEminimizer Pictures_is1) (Version: - balesio AG) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD) Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet Explorer (Version: 9 - Microsoft Corporation) Hidden Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.) LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe) LyricsPal (HKLM\...\lrcspal@xinghao.net) (Version: - XingHao Software) <==== ATTENTION MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.) Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft) Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{25F60491-F5AB-4985-9354-37C146783F35}) (Version: 2.0.0.0000 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden Norton Internet Security (HKLM\...\NIS) (Version: 21.1.0.18 - Symantec Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation) NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) Hidden NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation) NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) Hidden NVIDIA System Update (HKLM\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation) NVIDIA System Update (Version: 3.00 - NVIDIA Corporation) Hidden PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.) Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname) Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - ) PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.) PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.) PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000 - Hewlett-Packard) Hidden Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.) Reclams Kreuzworträtsellexikon (HKLM\...\Reclams Kreuzworträtsellexikon) (Version: - ) SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.) Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD) Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.) Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.) Shockwave (HKLM\...\Shockwave) (Version: - ) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.) SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION SweetPacks bundle uninstaller (HKLM\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) Telefonauskunft und Rückwärtssuche auf CD-ROM (HKLM\...\{42F81BE4-63FC-455C-8F80-2158612EDA9E}) (Version: 1.00.0000 - telegate MEDIA AG) T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - ) T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - ) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) USB FLYING STICK (HKLM\...\FT7195) (Version: - ) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.) Works Suite-Betriebssystem-Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden Works-Synchronisierung (Version: 1.0.0.0000 - Firmenname) Hidden ==================== Restore Points ========================= 14-09-2013 12:58:04 Windows Update 16-10-2013 12:14:51 Windows Update 14-11-2013 14:14:59 Windows Update 14-12-2013 14:31:52 Windows Update 16-01-2014 08:54:29 Windows Update 29-01-2014 13:32:04 Windows Update 15-02-2014 14:20:27 Windows Update 27-02-2014 12:58:14 Windows Update ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {1C1403F7-AA79-4AEB-B025-B6645E4819B1} - System32\Tasks\{5DE02A4D-873C-479A-83A9-AEEDE6DE5690} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {206E3C38-F33B-415D-9450-1CD60B8135E8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION Task: {3048F55A-A266-40E3-8960-C82CC5E9F0A2} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) <==== ATTENTION Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3DFD267D-6C28-4D9F-9B75-BDF1CC00D3CC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) <==== ATTENTION Task: {3E21E1AC-D61F-4D06-85AE-7BA3CE25479D} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) <==== ATTENTION Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {46A2672D-D19D-4A06-92B0-76E399E1AFAE} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {492B8F7F-EE8B-4BD2-96F0-3CD390189FA9} - System32\Tasks\Microsoft\Windows\MUI\Mcbuilder => C:\Windows\System32\mcbuilder.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION Task: {557A9153-8060-4500-85DA-841BFEE856A2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-21] () <==== ATTENTION Task: {56FC5C7B-173D-4CF6-8A5E-EACC301EBB6F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) <==== ATTENTION Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {601584B6-D7D9-4A55-AB93-0E04245E4CF8} - System32\Tasks\{D59EAB00-DDF4-401D-A6F0-FD1318A8749C} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION Task: {6FA7AB56-F5FB-4F1B-85A9-EF399DDC1807} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) <==== ATTENTION Task: {77DFA1C0-895B-437F-ADEA-FA41F08AA14D} - System32\Tasks\{DF54DA06-F274-4D0E-9C61-9805C7A90D51} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {7B50DB5F-DB88-4F32-93EF-7D1870D6D1DC} - System32\Tasks\{07FD2472-DFFD-4A34-9BEB-67BC0F5F1AE5} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {8EBE5DF9-0174-4C6E-9167-772BB0717C65} - System32\Tasks\Microsoft\Windows\RestartManager\{3054AEBE-DDE9-49f7-94D3-B64A2AD72371} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.) <==== ATTENTION Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {B018E776-CC9A-4984-BA5D-7C8A743A6DBE} - System32\Tasks\User_Feed_Synchronization-{F96F0F53-13D2-475D-B150-9A388DCD819E} => C:\Windows\system32\msfeedssync.exe [2012-07-01] (Microsoft Corporation) <==== ATTENTION Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: {C7A04EA0-1AFF-4F27-BE45-EA5FEA5CBA37} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Raimund => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION Task: {CB742042-B33B-4C37-8B78-850310DE2EDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated) <==== ATTENTION Task: {CBD7E95B-A075-44E2-BBE3-E5FCD4C7688A} - System32\Tasks\{1A0563EE-C4EE-4504-82C5-85208CF9817E} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.) <==== ATTENTION Task: {CE3C7B64-1AB7-4FA9-83BD-864EC211E4D1} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.) <==== ATTENTION Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () <==== ATTENTION Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => Sc.exe config upnphost start= auto <==== ATTENTION Task: {F6C840F6-CE8D-462C-8D55-120313D3D39D} - System32\Tasks\{336BC3DC-756E-41D4-86F0-869C4B6BF4E0} => c:\program files\t-online\t-online_software_6\browser\browser.exe [2010-02-11] (Deutsche Telekom AG) <==== ATTENTION Task: {F8015734-01C2-441E-B19B-54B7A1112A9F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29] (Apple Inc.) <==== ATTENTION Task: {F887B50F-E636-4A82-A80A-3D80F59A5956} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation) <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-03 22:28 - 2009-08-20 01:19 - 00074984 _____ () C:\Program Files\FILEminimizer Pictures\FILEMShell.dll 2008-07-08 15:32 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2008-07-08 15:31 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll 2007-07-12 05:55 - 2007-07-12 05:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2007-08-14 05:59 - 2007-08-14 05:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2007-07-12 05:55 - 2007-07-12 05:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2011-06-02 00:06 - 2011-06-02 00:06 - 00108296 _____ () C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll 2011-06-02 00:11 - 2011-06-02 00:11 - 00030984 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll 2011-06-02 00:10 - 2011-06-02 00:10 - 00011016 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\de-DE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll 2008-07-08 15:26 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2011-05-13 00:44 - 2011-05-13 00:44 - 00325344 _____ () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe 2011-05-13 00:45 - 2011-05-13 00:45 - 02896608 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll 2011-05-13 00:45 - 2011-05-13 00:45 - 00027360 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll 2011-05-13 00:45 - 2011-05-13 00:45 - 00028672 _____ () C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll 2010-03-22 23:59 - 2010-03-22 23:59 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll 2011-06-01 17:16 - 2011-06-01 17:16 - 00241664 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll 2011-06-01 17:16 - 2011-06-01 17:16 - 00971776 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/03/2014 10:30:02 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/03/2014 10:29:41 AM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (03/02/2014 08:14:58 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/02/2014 08:14:39 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (03/02/2014 06:13:52 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/02/2014 06:13:37 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (03/01/2014 04:16:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 04:15:41 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (02/28/2014 02:14:41 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/28/2014 02:14:17 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel() bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) System errors: ============= Error: (03/03/2014 10:33:52 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (03/03/2014 10:30:03 AM) (Source: Service Control Manager) (User: ) Description: PCASp50 NDIS Protocol Driver%%2 Error: (03/02/2014 08:17:43 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (03/02/2014 08:14:58 PM) (Source: Service Control Manager) (User: ) Description: PCASp50 NDIS Protocol Driver%%2 Error: (03/02/2014 06:16:35 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (03/02/2014 06:13:53 PM) (Source: Service Control Manager) (User: ) Description: PCASp50 NDIS Protocol Driver%%2 Error: (03/01/2014 04:18:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-02-10 19:36:27.988 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:36:26.970 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:36:26.656 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:36:26.335 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:09.428 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:08.434 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:08.068 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-10 19:33:07.636 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-01 19:52:04.922 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-01 19:52:04.615 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Internet Security\Engine\21.1.0.18\asoehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 3065.88 MB Available physical RAM: 1817.85 MB Total Pagefile: 6352.15 MB Available Pagefile: 5103.37 MB Total Virtual: 2047.88 MB Available Virtual: 1885.17 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:144.09 GB) (Free:30.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:144 GB) (Free:143.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: B6394A61) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-03 11:35:55 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Raimund\AppData\Local\Temp\pxliqfoc.sys ---- System - GMER 2.1 ---- SSDT 8782D038 ZwAlertResumeThread SSDT 8782D0D0 ZwAlertThread SSDT 8751FCE8 ZwAllocateVirtualMemory SSDT 871CFB18 ZwAlpcConnectPort SSDT 873C2EA0 ZwAssignProcessToJobObject SSDT 872DFE30 ZwCreateMutant SSDT 873C2C98 ZwCreateSymbolicLinkObject SSDT 87621A78 ZwCreateThread SSDT 873C2F38 ZwDebugActiveProcess SSDT 872DF090 ZwDuplicateObject SSDT 876A2CB8 ZwFreeVirtualMemory SSDT 872DFED8 ZwImpersonateAnonymousToken SSDT 872DFF70 ZwImpersonateThread SSDT 8709E330 ZwLoadDriver SSDT 8741C490 ZwMapViewOfSection SSDT 872DFD98 ZwOpenEvent SSDT 873C20C0 ZwOpenProcess SSDT 8751FD70 ZwOpenProcessToken SSDT 872DFC68 ZwOpenSection SSDT 872DF118 ZwOpenThread SSDT 873C2DF8 ZwProtectVirtualMemory SSDT 8782D168 ZwResumeThread SSDT 8782D330 ZwSetContextThread SSDT 8741C350 ZwSetInformationProcess SSDT 873C2FD0 ZwSetSystemInformation SSDT 872DFD00 ZwSuspendProcess SSDT 8782D200 ZwSuspendThread SSDT 873B1C28 ZwTerminateProcess SSDT 8782D298 ZwTerminateThread SSDT 8741C3F8 ZwUnmapViewOfSection SSDT 876A2D60 ZwWriteVirtualMemory SSDT 873C2D40 ZwCreateThreadEx ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!KeInsertQueue + 30D 82081814 8 Bytes [38, D0, 82, 87, D0, D0, 82, ...] .text ntoskrnl.exe!KeInsertQueue + 321 82081828 4 Bytes [E8, FC, 51, 87] .text ntoskrnl.exe!KeInsertQueue + 32D 82081834 4 Bytes [18, FB, 1C, 87] {SBB BL, BH; SBB AL, 0x87} .text ntoskrnl.exe!KeInsertQueue + 381 82081888 4 Bytes [A0, 2E, 3C, 87] .text ntoskrnl.exe!KeInsertQueue + 3E5 820818EC 4 Bytes [30, FE, 2D, 87] .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9100C340, 0x3E9407, 0xE8000020] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
Themen zu Windows Vista: ewiges booten, email-browser hängt sich auf und vieles mehr |
bluescreen, booten, browser, browser.exe, device driver, error, excel, flash player, home, hängt, laptop hängt, monitor, object, performance, problem, realtek, registry, rundll, scan, security, software, stick, svchost.exe, symantec, system, vista, windows, wlan |